# Flog Txt Version 1 # Analyzer Version: 2024.1.0 # Analyzer Build Date: Jan 4 2024 18:31:15 # Log Creation Date: 11.02.2024 21:14:55.188 Process: id = "1" image_name = "securiteinfo.com.trojan-psw.agent.26016.exe" filename = "c:\\users\\keecfmwgj\\desktop\\securiteinfo.com.trojan-psw.agent.26016.exe" page_root = "0x458f1000" os_pid = "0xd74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x778" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\SecuriteInfo.com.Trojan-PSW.Agent.26016.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0ba" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 116 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 117 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 118 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 119 start_va = 0x130000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 120 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 121 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 122 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 123 start_va = 0x13f090000 end_va = 0x13fd07fff monitored = 1 entry_point = 0x13fd06a70 region_type = mapped_file name = "securiteinfo.com.trojan-psw.agent.26016.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\SecuriteInfo.com.Trojan-PSW.Agent.26016.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\securiteinfo.com.trojan-psw.agent.26016.exe") Region: id = 124 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 125 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 126 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 127 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 266 start_va = 0x330000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 267 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 268 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 269 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 270 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 271 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 272 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 273 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 274 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 275 start_va = 0x590000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 276 start_va = 0x330000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 277 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 278 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 279 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 280 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 281 start_va = 0x7fef9280000 end_va = 0x7fef92bafff monitored = 0 entry_point = 0x7fef92822f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 282 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 283 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 284 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 285 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 286 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 287 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 288 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 289 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 290 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 291 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 292 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 293 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 294 start_va = 0x790000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 295 start_va = 0x920000 end_va = 0x1d1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 296 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 297 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 298 start_va = 0x1d20000 end_va = 0x1eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 299 start_va = 0xe0000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 300 start_va = 0x430000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 301 start_va = 0x1d20000 end_va = 0x1e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 302 start_va = 0x1e70000 end_va = 0x1eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 303 start_va = 0x1ef0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 304 start_va = 0x26f0000 end_va = 0x66effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 305 start_va = 0x66f0000 end_va = 0x266effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066f0000" filename = "" Region: id = 306 start_va = 0x266f0000 end_va = 0x26eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000266f0000" filename = "" Region: id = 307 start_va = 0xc000000000 end_va = 0xc0003fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000c000000000" filename = "" Region: id = 308 start_va = 0x26ef0000 end_va = 0x276effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000026ef0000" filename = "" Region: id = 309 start_va = 0x450000 end_va = 0x461fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 310 start_va = 0x276f0000 end_va = 0x277effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000276f0000" filename = "" Region: id = 311 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 312 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 313 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 314 start_va = 0x7fefb770000 end_va = 0x7fefb79bfff monitored = 0 entry_point = 0x7fefb7715c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 315 start_va = 0x7fefef90000 end_va = 0x7feff166fff monitored = 0 entry_point = 0x7fefef91010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 316 start_va = 0x7fefd9b0000 end_va = 0x7fefd9e5fff monitored = 0 entry_point = 0x7fefd9b1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 317 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 318 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 319 start_va = 0x7fefd990000 end_va = 0x7fefd9a9fff monitored = 0 entry_point = 0x7fefd991558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 320 start_va = 0x480000 end_va = 0x48cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 321 start_va = 0x27890000 end_va = 0x27a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000027890000" filename = "" Region: id = 322 start_va = 0x27b90000 end_va = 0x27d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000027b90000" filename = "" Region: id = 323 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 324 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 325 start_va = 0x720000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 326 start_va = 0x27e10000 end_va = 0x2800ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000027e10000" filename = "" Region: id = 327 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 328 start_va = 0x28170000 end_va = 0x2836ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028170000" filename = "" Region: id = 329 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 330 start_va = 0x28430000 end_va = 0x2862ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028430000" filename = "" Region: id = 331 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 332 start_va = 0x28630000 end_va = 0x288fefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 333 start_va = 0x7fefca60000 end_va = 0x7fefca66fff monitored = 0 entry_point = 0x7fefca614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 334 start_va = 0x760000 end_va = 0x760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 335 start_va = 0x7fefd050000 end_va = 0x7fefd056fff monitored = 0 entry_point = 0x7fefd05142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 336 start_va = 0x760000 end_va = 0x760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 337 start_va = 0x7fef7330000 end_va = 0x7fef7338fff monitored = 0 entry_point = 0x7fef73327bc region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 338 start_va = 0x760000 end_va = 0x760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 339 start_va = 0x7fef7290000 end_va = 0x7fef7298fff monitored = 0 entry_point = 0x7fef72927bc region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 340 start_va = 0x760000 end_va = 0x760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 341 start_va = 0x28940000 end_va = 0x28b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028940000" filename = "" Region: id = 342 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 343 start_va = 0x77a50000 end_va = 0x77a56fff monitored = 0 entry_point = 0x77a5106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 344 start_va = 0x1e20000 end_va = 0x1e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 345 start_va = 0x27a90000 end_va = 0x27b4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 346 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 347 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 348 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 349 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 350 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 351 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 352 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 353 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 354 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 355 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 356 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 357 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 358 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 359 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 360 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 361 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 362 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 363 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 364 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 365 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 366 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 367 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 368 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 369 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 370 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 371 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 372 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 373 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 374 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 375 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 376 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 377 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 378 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 379 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 380 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 381 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 382 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 383 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 384 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 385 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 386 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 387 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 388 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 389 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 390 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 391 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 392 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 393 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 394 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 395 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 396 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 397 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 398 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 399 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 400 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 401 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 402 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 403 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 404 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 405 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 406 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 407 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 408 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 409 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 410 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 411 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 412 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 413 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 414 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 415 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 416 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 417 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 418 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 419 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 420 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 421 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 422 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 423 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 424 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 425 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 426 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 427 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 428 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 429 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 430 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 431 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 432 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 433 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 434 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 435 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 436 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 437 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 438 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 439 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 440 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 441 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 442 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 443 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 444 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 445 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 446 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 447 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 448 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 449 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 450 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 451 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 452 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 453 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 454 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 455 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 456 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 457 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 458 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 459 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 460 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 461 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 462 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 463 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 464 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 465 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 466 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 467 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 468 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 469 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 470 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 471 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 472 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 473 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 474 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 475 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 476 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 477 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 478 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 479 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 480 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 481 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 482 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 483 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 484 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 485 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 486 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 487 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 488 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 489 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 490 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 491 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 492 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 493 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 494 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 495 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 496 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 497 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 498 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 499 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 500 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 501 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 502 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 503 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 504 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 505 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 506 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 507 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 508 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 509 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 510 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 511 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 512 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 513 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 514 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 515 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 516 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 517 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 518 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 519 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 520 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 521 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 522 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 523 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 524 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 525 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 526 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 527 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 528 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 529 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 530 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 531 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 532 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 533 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 534 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 535 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 536 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 537 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 538 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 539 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 540 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 541 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 542 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 543 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 544 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 545 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 546 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 547 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 548 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 549 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 550 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 551 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 552 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 553 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 554 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 555 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 556 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 557 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 558 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 559 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 560 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 561 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 562 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 563 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 564 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 565 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 566 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 567 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 568 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 569 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 570 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 571 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 572 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 573 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 574 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 575 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 576 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 577 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 578 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 579 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 580 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 581 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 582 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 583 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 584 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 585 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 586 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 587 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 588 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 589 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 590 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 591 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 592 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 593 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 594 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 595 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 596 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 597 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 598 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 599 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 600 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 601 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 602 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 603 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 604 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 605 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 606 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 607 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 608 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 609 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 610 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 611 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 612 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 613 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 614 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 615 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 616 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 617 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 618 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 619 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 620 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 621 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 622 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 623 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 624 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 625 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 626 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 627 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 628 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 629 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 630 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 631 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 632 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 633 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 634 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 635 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 636 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 637 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 638 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 639 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 640 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 641 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 642 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 643 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 644 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 645 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 646 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 647 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 648 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 649 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 650 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 651 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 652 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 653 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 654 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 655 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 656 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 657 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 658 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 659 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 660 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 661 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 662 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 663 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 664 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 665 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 666 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 667 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 668 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 669 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 670 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 671 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 672 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 673 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 674 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 675 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 676 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 677 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 678 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 679 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 680 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 681 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 682 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 683 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 684 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 685 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 686 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 687 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 688 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 689 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 690 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 691 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 692 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 693 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 694 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 695 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 696 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 697 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 698 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 699 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 700 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 701 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 702 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 703 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 704 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 705 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 706 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 707 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 708 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 709 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 710 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 711 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 712 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 713 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 714 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 715 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 716 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 717 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 718 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 719 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 720 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 721 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 722 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 723 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 724 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 725 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 726 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 727 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 728 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 729 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 730 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 731 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 732 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 733 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 734 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 735 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 736 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 737 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 738 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 739 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 740 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 741 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 742 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 743 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 744 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 745 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 746 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 747 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 748 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 749 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 750 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 751 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 752 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 753 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 754 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 755 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 756 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 757 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 758 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 759 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 760 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 761 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 762 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 763 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 764 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 765 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 766 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 767 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 768 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 769 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 770 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 771 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 772 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 773 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 774 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 775 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 776 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 777 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 778 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 779 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 780 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 781 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 782 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 783 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 784 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 785 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 786 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 787 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 788 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 789 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 790 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 791 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 792 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 793 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 794 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 795 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 796 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 797 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 798 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 799 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 800 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 801 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 802 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 803 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 804 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 805 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 806 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 807 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 808 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 809 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 810 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 811 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 812 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 813 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 814 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 815 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 816 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 817 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 818 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 819 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 820 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 821 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 822 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 823 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 824 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 825 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 826 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 827 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 828 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 829 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 830 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 831 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 832 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 833 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 834 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 835 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 836 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 837 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 838 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 839 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 840 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 841 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 842 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 843 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 844 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 845 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 846 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 847 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 848 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 849 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 850 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 851 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 852 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 853 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 854 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 855 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 856 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 857 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 858 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 859 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 860 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 861 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 862 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 863 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 864 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 865 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 866 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 867 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 868 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 869 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 870 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 871 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 872 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 873 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 874 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 875 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 876 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 877 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 878 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 879 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 880 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 881 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 882 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 883 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 884 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 885 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 886 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 887 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 888 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 889 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 890 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 891 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 892 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 893 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 894 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 895 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 896 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 897 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 898 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 899 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 900 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 901 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 902 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 903 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 904 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 905 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 906 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 907 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 908 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 909 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 910 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 911 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 912 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 913 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 914 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 915 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 916 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 917 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 918 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 919 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 920 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 921 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 922 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 923 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 924 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 925 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 926 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 927 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 928 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 929 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 930 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 931 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 932 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 933 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 934 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 935 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 936 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 937 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 938 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 939 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 940 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 941 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 942 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 943 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 944 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 945 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 946 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 947 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 948 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 949 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 950 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 951 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 952 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 953 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 954 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 955 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 956 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 957 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 958 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 959 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 960 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 961 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 962 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 963 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 964 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 965 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 966 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 967 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 968 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 969 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 970 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 971 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 972 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 973 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 974 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 975 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 976 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 977 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 978 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 979 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 980 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 981 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 982 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 983 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 984 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 985 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 986 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 987 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 988 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 989 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 990 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 991 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 992 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 993 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 994 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 995 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 996 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 997 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 998 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 999 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1000 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1001 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1002 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1003 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1004 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1005 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1006 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1007 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1008 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1009 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1010 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1011 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1012 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1013 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1014 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1015 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1016 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1017 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1018 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1019 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1020 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1021 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1022 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1023 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1024 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1025 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1026 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1027 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1028 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1029 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1030 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1031 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1032 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1033 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1034 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1035 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1036 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1037 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1038 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1039 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1040 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1041 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1042 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1043 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1044 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1045 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1046 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1047 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1048 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1049 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1050 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1051 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1052 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1053 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1054 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1055 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1056 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1057 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1058 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1059 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1060 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1061 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1062 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1063 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1064 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1065 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1066 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1067 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1068 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1069 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1070 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1071 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1072 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1073 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1074 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1075 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1076 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1077 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1078 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1079 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1080 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1081 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1082 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1083 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1084 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1085 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1086 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1087 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1088 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1089 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1090 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1091 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1092 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1093 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1094 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1095 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1096 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1097 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1098 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1099 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1100 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1101 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1102 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1103 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1104 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1105 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1106 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1107 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1108 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1109 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1110 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1111 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1112 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1113 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1114 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1115 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1116 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1117 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1118 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1119 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1120 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1121 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1122 start_va = 0x7fefcb70000 end_va = 0x7fefcb8dfff monitored = 0 entry_point = 0x7fefcb713b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1123 start_va = 0x7fefd7d0000 end_va = 0x7fefd7defff monitored = 0 entry_point = 0x7fefd7d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1124 start_va = 0x7fefba20000 end_va = 0x7fefba35fff monitored = 0 entry_point = 0x7fefba211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1125 start_va = 0x7fefba10000 end_va = 0x7fefba1bfff monitored = 0 entry_point = 0x7fefba118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1126 start_va = 0x7fefd5c0000 end_va = 0x7fefd5e2fff monitored = 0 entry_point = 0x7fefd5c1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1127 start_va = 0x7fefb9f0000 end_va = 0x7fefba04fff monitored = 0 entry_point = 0x7fefb9f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1128 start_va = 0x28cc0000 end_va = 0x28ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028cc0000" filename = "" Region: id = 1129 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1130 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e3fff monitored = 0 entry_point = 0x7fefb9d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1131 start_va = 0x7fefc2b0000 end_va = 0x7fefc2ccfff monitored = 0 entry_point = 0x7fefc2b1ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1983 start_va = 0x7fefd060000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd061054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1984 start_va = 0x28010000 end_va = 0x2810ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028010000" filename = "" Region: id = 1985 start_va = 0x7fefca60000 end_va = 0x7fefca66fff monitored = 0 entry_point = 0x7fefca614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1986 start_va = 0x7fefd050000 end_va = 0x7fefd056fff monitored = 0 entry_point = 0x7fefd05142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1987 start_va = 0x7fefcee0000 end_va = 0x7fefcf3afff monitored = 0 entry_point = 0x7fefcee6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1988 start_va = 0x28b40000 end_va = 0x28c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028b40000" filename = "" Region: id = 1989 start_va = 0x7fefb2c0000 end_va = 0x7fefb2e6fff monitored = 0 entry_point = 0x7fefb2c98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1990 start_va = 0x7fefb2b0000 end_va = 0x7fefb2bafff monitored = 0 entry_point = 0x7fefb2b1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1991 start_va = 0x7fefa770000 end_va = 0x7fefa777fff monitored = 0 entry_point = 0x7fefa771414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1992 start_va = 0x7fefaca0000 end_va = 0x7fefacf2fff monitored = 0 entry_point = 0x7fefaca2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1993 start_va = 0x28ec0000 end_va = 0x2903ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000028ec0000" filename = "" Region: id = 1994 start_va = 0x277f0000 end_va = 0x2782ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000277f0000" filename = "" Region: id = 1995 start_va = 0x291e0000 end_va = 0x293dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000291e0000" filename = "" Region: id = 1996 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1997 start_va = 0x27830000 end_va = 0x2786ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000027830000" filename = "" Region: id = 1998 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1999 start_va = 0x760000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2000 start_va = 0x1e60000 end_va = 0x1e6dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 2001 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2002 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2003 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2004 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2005 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2006 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2007 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2008 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2009 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2010 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2011 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2012 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2013 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2014 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2015 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2016 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2017 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2018 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2019 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2020 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2021 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2022 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2023 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2024 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2025 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2026 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2027 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2028 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2029 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2030 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2031 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2032 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2033 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2034 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2035 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2036 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2037 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2038 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2039 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2040 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2041 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2042 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2043 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2044 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2045 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2046 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2047 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2048 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2049 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2050 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2051 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2052 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2053 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2054 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2055 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2056 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2057 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2058 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2059 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2060 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2061 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2062 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2063 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2064 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2065 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2066 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2067 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2068 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2069 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2070 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2071 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2072 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2073 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2074 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2075 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2076 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2077 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2078 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2079 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2080 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2081 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2082 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2083 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2084 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2085 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2086 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2087 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2088 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2089 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2090 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2091 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2092 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2093 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2094 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2095 start_va = 0x760000 end_va = 0x76dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Thread: id = 1 os_tid = 0xd78 [0069.372] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x77660000 [0069.374] GetProcAddress (hModule=0x77660000, lpProcName="AddAtomA") returned 0x776c6a10 [0069.374] GetProcAddress (hModule=0x77660000, lpProcName="AddVectoredExceptionHandler") returned 0x77963ad0 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="AreFileApisANSI") returned 0x776ac9b0 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CloseHandle") returned 0x77681960 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateEventA") returned 0x776705c0 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateFileA") returned 0x77681bd0 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateFileMappingA") returned 0x7766df70 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateFileMappingW") returned 0x7766ee90 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateFileW") returned 0x77670d10 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateIoCompletionPort") returned 0x77664f80 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateMutexA") returned 0x776766b0 [0069.375] GetProcAddress (hModule=0x77660000, lpProcName="CreateMutexW") returned 0x77670860 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="CreateSemaphoreA") returned 0x7766e020 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="CreateThread") returned 0x77675a20 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="CreateWaitableTimerA") returned 0x776c0e90 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="CreateWaitableTimerExW") returned 0x776ac880 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="DeleteAtom") returned 0x776c6a00 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="DeleteCriticalSection") returned 0x778a5350 [0069.376] GetProcAddress (hModule=0x77660000, lpProcName="DeleteFileA") returned 0x77670980 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="DeleteFileW") returned 0x7766a230 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="DuplicateHandle") returned 0x776751b0 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="EnterCriticalSection") returned 0x778d2fc0 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="ExitProcess") returned 0x778a40f0 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FindAtomA") returned 0x77663650 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FlushFileBuffers") returned 0x776660d0 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FlushViewOfFile") returned 0x776ac670 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FormatMessageA") returned 0x776ac610 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FormatMessageW") returned 0x77672ce0 [0069.377] GetProcAddress (hModule=0x77660000, lpProcName="FreeEnvironmentStringsW") returned 0x776761a0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="FreeLibrary") returned 0x77675ac0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetAtomNameA") returned 0x776c69d0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetConsoleMode") returned 0x77681840 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetCurrentProcess") returned 0x77675190 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetCurrentProcessId") returned 0x77674ef0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetCurrentThread") returned 0x776733c0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetCurrentThreadId") returned 0x77673380 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetDiskFreeSpaceA") returned 0x776ac520 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetDiskFreeSpaceW") returned 0x776ac4f0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetEnvironmentStringsW") returned 0x776761c0 [0069.378] GetProcAddress (hModule=0x77660000, lpProcName="GetFileAttributesA") returned 0x77670880 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetFileAttributesExW") returned 0x7766ac40 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetFileAttributesW") returned 0x7767b200 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetFileSize") returned 0x7766ee70 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetFullPathNameA") returned 0x77682050 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetFullPathNameW") returned 0x77676b80 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetHandleInformation") returned 0x776d3060 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetLastError") returned 0x776817b0 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetProcAddress") returned 0x77682070 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetProcessAffinityMask") returned 0x77662970 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetProcessHeap") returned 0x77681a30 [0069.379] GetProcAddress (hModule=0x77660000, lpProcName="GetQueuedCompletionStatusEx") returned 0x776ac430 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetStartupInfoA") returned 0x77680940 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetStdHandle") returned 0x7767cb80 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemDirectoryA") returned 0x77678900 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemInfo") returned 0x77676410 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemTime") returned 0x77681f20 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemTimeAsFileTime") returned 0x776733e0 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetTempPathA") returned 0x776c2110 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetTempPathW") returned 0x776c20f0 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetThreadContext") returned 0x77662a40 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetThreadPriority") returned 0x77678bf0 [0069.380] GetProcAddress (hModule=0x77660000, lpProcName="GetTickCount") returned 0x77681500 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="GetVersionExA") returned 0x77676560 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="GetVersionExW") returned 0x7766cdb0 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapAlloc") returned 0x778d33a0 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapCompact") returned 0x776ac380 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapCreate") returned 0x77676580 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapDestroy") returned 0x77670930 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapFree") returned 0x77681a50 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapReAlloc") returned 0x778b3f20 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapSize") returned 0x778a82d0 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="HeapValidate") returned 0x77670580 [0069.381] GetProcAddress (hModule=0x77660000, lpProcName="InitializeCriticalSection") returned 0x778a8100 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="IsDBCSLeadByteEx") returned 0x77662950 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="IsDebuggerPresent") returned 0x77667900 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LeaveCriticalSection") returned 0x778d3000 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LoadLibraryA") returned 0x77676510 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LoadLibraryW") returned 0x77676420 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LocalFree") returned 0x77673c40 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LockFile") returned 0x776ac2b0 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="LockFileEx") returned 0x776ac280 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="MapViewOfFile") returned 0x7766d830 [0069.382] GetProcAddress (hModule=0x77660000, lpProcName="MultiByteToWideChar") returned 0x77674ff0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="OpenProcess") returned 0x7767bf00 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="OutputDebugStringA") returned 0x776648d0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="OutputDebugStringW") returned 0x7766ac00 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="PostQueuedCompletionStatus") returned 0x776699a0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="QueryPerformanceCounter") returned 0x776759a0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="QueryPerformanceFrequency") returned 0x7766e0d0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="RaiseException") returned 0x7766c3b0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="ReadFile") returned 0x776709a0 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="ReleaseMutex") returned 0x77681590 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="ReleaseSemaphore") returned 0x77678c10 [0069.383] GetProcAddress (hModule=0x77660000, lpProcName="RemoveVectoredExceptionHandler") returned 0x7794c2d0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="ResetEvent") returned 0x7766ce40 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="ResumeThread") returned 0x77670840 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetConsoleCtrlHandler") returned 0x776763a0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetEndOfFile") returned 0x776ac150 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetErrorMode") returned 0x7767b1f0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetEvent") returned 0x776733a0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetFilePointer") returned 0x776705f0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetLastError") returned 0x776817d0 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetProcessAffinityMask") returned 0x776acc80 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetProcessPriorityBoost") returned 0x776acc30 [0069.384] GetProcAddress (hModule=0x77660000, lpProcName="SetThreadContext") returned 0x77662a10 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SetThreadPriority") returned 0x7767cdc0 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SetUnhandledExceptionFilter") returned 0x77679020 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SetWaitableTimer") returned 0x77667f00 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="Sleep") returned 0x77681570 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SuspendThread") returned 0x77662a60 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SwitchToThread") returned 0x7766ab60 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="SystemTimeToFileTime") returned 0x77681f40 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="TlsAlloc") returned 0x776765a0 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="TlsGetValue") returned 0x776815d0 [0069.385] GetProcAddress (hModule=0x77660000, lpProcName="TlsSetValue") returned 0x77675170 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="TryEnterCriticalSection") returned 0x778a5320 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="UnlockFile") returned 0x776ac010 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="UnlockFileEx") returned 0x776abff0 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="UnmapViewOfFile") returned 0x77681f60 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="VirtualAlloc") returned 0x77675c40 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="VirtualFree") returned 0x77670700 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="VirtualProtect") returned 0x776629f0 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="VirtualQuery") returned 0x7767b170 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="WaitForMultipleObjects") returned 0x77670610 [0069.386] GetProcAddress (hModule=0x77660000, lpProcName="WaitForSingleObject") returned 0x77681520 [0069.387] GetProcAddress (hModule=0x77660000, lpProcName="WaitForSingleObjectEx") returned 0x776819d0 [0069.387] GetProcAddress (hModule=0x77660000, lpProcName="WideCharToMultiByte") returned 0x77681fd0 [0069.387] GetProcAddress (hModule=0x77660000, lpProcName="WriteConsoleW") returned 0x776731e0 [0069.387] GetProcAddress (hModule=0x77660000, lpProcName="WriteFile") returned 0x77681f80 [0069.387] GetProcAddress (hModule=0x77660000, lpProcName="__C_specific_handler") returned 0x7789850c [0069.387] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x7feff7d0000 [0069.387] GetProcAddress (hModule=0x7feff7d0000, lpProcName="___lc_codepage_func") returned 0x7feff7d4c50 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="___mb_cur_max_func") returned 0x7feff810f90 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__getmainargs") returned 0x7feff7db1b0 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__initenv") returned 0x7feff861188 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__iob_func") returned 0x7feff7e2d90 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__lconv_init") returned 0x7feff811ba8 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__set_app_type") returned 0x7feff7db088 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="__setusermatherr") returned 0x7feff83da94 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_acmdln") returned 0x7feff8610b0 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_amsg_exit") returned 0x7feff81c260 [0069.388] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_beginthread") returned 0x7feff81c430 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_beginthreadex") returned 0x7feff7d7328 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_cexit") returned 0x7feff7e4640 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_commode") returned 0x7feff861280 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_endthreadex") returned 0x7feff7d4334 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_errno") returned 0x7feff7d1918 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_fmode") returned 0x7feff86127c [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_initterm") returned 0x7feff7d44f0 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_localtime64") returned 0x7feff7d5ee0 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_lock") returned 0x7feff7d1530 [0069.389] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_memccpy") returned 0x7feff83610c [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_onexit") returned 0x7feff7e4f58 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_setjmp") returned 0x7feff7d3f50 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_strdup") returned 0x7feff7e44d0 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_ultoa") returned 0x7feff7d6678 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="_unlock") returned 0x7feff7d1510 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="abort") returned 0x7feff8155bc [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="calloc") returned 0x7feff7d1c94 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="exit") returned 0x7feff7d99f4 [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="fprintf") returned 0x7feff7d90fc [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="fputc") returned 0x7feff82c3fc [0069.390] GetProcAddress (hModule=0x7feff7d0000, lpProcName="free") returned 0x7feff7d10a8 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="fwrite") returned 0x7feff7e4180 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="localeconv") returned 0x7feff815a0c [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="longjmp") returned 0x7feff7de4e0 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="malloc") returned 0x7feff7d12dc [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="memcmp") returned 0x7feff7d1270 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="memcpy") returned 0x7feff7d10e0 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="memmove") returned 0x7feff7d10e0 [0069.391] GetProcAddress (hModule=0x7feff7d0000, lpProcName="memset") returned 0x7feff7d1000 [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="printf") returned 0x7feff7d7e28 [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="qsort") returned 0x7feff7d6f20 [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="realloc") returned 0x7feff7d4860 [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="signal") returned 0x7feff81167c [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strcmp") returned 0x7feff7e5ac0 [0069.392] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strcspn") returned 0x7feff7d5c50 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strerror") returned 0x7feff816094 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strlen") returned 0x7feff7e5b70 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strncmp") returned 0x7feff7d1710 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strrchr") returned 0x7feff7d95b0 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="strspn") returned 0x7feff837a80 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="vfprintf") returned 0x7feff82a514 [0069.393] GetProcAddress (hModule=0x7feff7d0000, lpProcName="wcslen") returned 0x7feff837d0c [0069.399] VirtualProtect (in: lpAddress=0x13f090000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x32f7f0 | out: lpflOldProtect=0x32f7f0*=0x2) returned 1 [0070.863] VirtualProtect (in: lpAddress=0x13f090000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x32f7f0 | out: lpflOldProtect=0x32f7f0*=0x4) returned 1 [0071.006] RtlAddVectoredExceptionHandler (FirstHandler=0x1, VectoredHandler=0x13f81fb90) returned 0x494cb0 [0072.983] __set_app_type (_Type=0x1) [0072.984] __getmainargs (in: _Argc=0x13fc6e038, _Argv=0x13fc6e030, _Env=0x13fc6e028, _DoWildCard=-1, _StartInfo=0x13fc6e018 | out: _Argc=0x13fc6e038, _Argv=0x13fc6e030, _Env=0x13fc6e028) returned 0 [0072.987] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13f81efe0) returned 0x0 [0074.522] malloc (_Size=0x10) returned 0x785e80 [0074.523] strlen (_Str="C:\\Users\\kEecfMwgj\\Desktop\\SecuriteInfo.com.Trojan-PSW.Agent.26016.exe") returned 0x46 [0074.523] malloc (_Size=0x47) returned 0x785ec0 [0074.523] memcpy (in: _Dst=0x785ec0, _Src=0x33dbd1, _Size=0x47 | out: _Dst=0x785ec0) returned 0x785ec0 [0074.759] _onexit (_Func=0x13f091530) returned 0x13f091530 [0076.717] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77660000 [0076.742] GetProcAddress (hModule=0x77660000, lpProcName="AddDllDirectory") returned 0x7fefd945478 [0076.742] GetProcAddress (hModule=0x77660000, lpProcName="AddVectoredContinueHandler") returned 0x77963ae0 [0076.742] GetProcAddress (hModule=0x77660000, lpProcName="LoadLibraryExA") returned 0x7766d850 [0076.743] GetProcAddress (hModule=0x77660000, lpProcName="LoadLibraryExW") returned 0x77675ae0 [0076.743] GetSystemDirectoryA (in: lpBuffer=0x13fcc88e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0076.743] LoadLibraryExA (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feff870000 [0078.189] GetProcAddress (hModule=0x7feff870000, lpProcName="SystemFunction036") returned 0x7feff871044 [0078.253] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x77880000 [0078.253] GetProcAddress (hModule=0x77880000, lpProcName="NtWaitForSingleObject") returned 0x778d1350 [0078.253] GetProcAddress (hModule=0x77880000, lpProcName="RtlGetCurrentPeb") returned 0x779305f0 [0078.254] GetProcAddress (hModule=0x77880000, lpProcName="RtlGetNtVersionNumbers") returned 0x778c5160 [0078.254] LoadLibraryExA (lpLibFileName="winmm.dll", hFile=0x0, dwFlags=0x800) returned 0x7fef9280000 [0078.329] GetProcAddress (hModule=0x7fef9280000, lpProcName="timeBeginPeriod") returned 0x7fef928a648 [0078.329] GetProcAddress (hModule=0x7fef9280000, lpProcName="timeEndPeriod") returned 0x7fef928a768 [0078.329] LoadLibraryExA (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feffa10000 [0078.336] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSAGetOverlappedResult") returned 0x7feffa37a50 [0078.337] GetProcAddress (hModule=0x77880000, lpProcName="wine_get_version") returned 0x0 [0078.359] SetErrorMode (uMode=0x2) returned 0x0 [0079.756] SetErrorMode (uMode=0x8003) returned 0x2 [0079.757] RtlAddVectoredExceptionHandler (FirstHandler=0x1, VectoredHandler=0x13f0edd60) returned 0x4a88d0 [0079.757] RtlAddVectoredContinueHandler () returned 0x4a8900 [0079.757] RtlAddVectoredContinueHandler () returned 0x4a8930 [0079.778] CreateWaitableTimerExW (lpTimerAttributes=0x0, lpTimerName=0x0, dwFlags=0x2, dwDesiredAccess=0x100003) returned 0x0 [0079.779] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0079.781] RtlGetNtVersionNumbers () returned 0x778c5160 [0079.782] GetProcessAffinityMask (in: hProcess=0xffffffffffffffff, lpProcessAffinityMask=0x32f600, lpSystemAffinityMask=0x32f5f8 | out: lpProcessAffinityMask=0x32f600, lpSystemAffinityMask=0x32f5f8) returned 1 [0081.393] GetSystemInfo (in: lpSystemInfo=0x32f670 | out: lpSystemInfo=0x32f670*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x6a06)) [0081.393] SetProcessPriorityBoost (hProcess=0xffffffffffffffff, bDisablePriorityBoost=1) returned 1 [0081.763] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0081.784] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x430000 [0081.785] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x4) returned 0x1d20000 [0081.785] VirtualAlloc (lpAddress=0x0, dwSize=0x800000, flAllocationType=0x2000, flProtect=0x4) returned 0x1ef0000 [0081.785] VirtualAlloc (lpAddress=0x0, dwSize=0x4000000, flAllocationType=0x2000, flProtect=0x4) returned 0x26f0000 [0081.787] VirtualAlloc (lpAddress=0x0, dwSize=0x20000000, flAllocationType=0x2000, flProtect=0x4) returned 0x66f0000 [0081.807] VirtualAlloc (lpAddress=0x0, dwSize=0x800000, flAllocationType=0x2000, flProtect=0x4) returned 0x266f0000 [0082.132] VirtualAlloc (lpAddress=0xc000000000, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0xc000000000 [0082.133] VirtualAlloc (lpAddress=0x0, dwSize=0x800000, flAllocationType=0x3000, flProtect=0x4) returned 0x26ef0000 [0082.195] VirtualAlloc (lpAddress=0x0, dwSize=0x114d0, flAllocationType=0x3000, flProtect=0x4) returned 0x450000 [0082.296] VirtualAlloc (lpAddress=0x430000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x430000 [0082.298] VirtualAlloc (lpAddress=0x1da0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1da0000 [0082.299] VirtualAlloc (lpAddress=0x22f6000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x22f6000 [0082.299] VirtualAlloc (lpAddress=0x4720000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x4720000 [0082.300] VirtualAlloc (lpAddress=0x16870000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x16870000 [0082.300] VirtualAlloc (lpAddress=0x266f0000, dwSize=0x407000, flAllocationType=0x1000, flProtect=0x4) returned 0x266f0000 [0082.332] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x276f0000 [0082.400] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0082.423] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x470000 [0082.424] VirtualAlloc (lpAddress=0xc000000000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000000000 [0082.622] VirtualAlloc (lpAddress=0xc000002000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000002000 [0082.623] VirtualAlloc (lpAddress=0xc000004000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000004000 [0082.688] SystemFunction036 (in: RandomBuffer=0x13fcc81a0, RandomBufferLength=0x80 | out: RandomBuffer=0x13fcc81a0) returned 1 [0082.719] SystemFunction036 (in: RandomBuffer=0x13fcc77c8, RandomBufferLength=0x8 | out: RandomBuffer=0x13fcc77c8) returned 1 [0082.741] VirtualAlloc (lpAddress=0xc000006000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000006000 [0082.767] VirtualAlloc (lpAddress=0xc000008000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000008000 [0082.767] VirtualAlloc (lpAddress=0xc00000a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000a000 [0082.833] GetEnvironmentStringsW () returned 0x4ae790* [0082.834] VirtualAlloc (lpAddress=0xc00000c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000c000 [0082.875] VirtualAlloc (lpAddress=0xc00000e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000e000 [0082.876] VirtualAlloc (lpAddress=0xc000010000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000010000 [0082.876] VirtualAlloc (lpAddress=0xc000012000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000012000 [0082.877] VirtualAlloc (lpAddress=0xc000014000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000014000 [0082.878] VirtualAlloc (lpAddress=0xc000016000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000016000 [0082.878] VirtualAlloc (lpAddress=0xc000018000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000018000 [0082.878] VirtualAlloc (lpAddress=0xc00001a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00001a000 [0082.879] VirtualAlloc (lpAddress=0xc00001c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00001c000 [0082.879] FreeEnvironmentStringsW (penv=0x4ae790) returned 1 [0082.952] VirtualAlloc (lpAddress=0xc00001e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00001e000 [0083.052] VirtualAlloc (lpAddress=0xc000020000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000020000 [0083.086] SetConsoleCtrlHandler (HandlerRoutine=0x13f0efac0, Add=1) returned 1 [0083.130] LoadLibraryExA (lpLibFileName="powrprof.dll", hFile=0x0, dwFlags=0x800) returned 0x7fefb770000 [0083.376] GetProcAddress (hModule=0x7fefb770000, lpProcName="PowerRegisterSuspendResumeNotification") returned 0x0 [0083.474] VirtualAlloc (lpAddress=0xc000022000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000022000 [0083.475] VirtualAlloc (lpAddress=0xc000024000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000024000 [0083.567] VirtualAlloc (lpAddress=0xc000032000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000032000 [0083.588] VirtualAlloc (lpAddress=0xc000034000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000034000 [0083.702] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x32f5f8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32f5f8*=0x8c) returned 1 [0083.702] VirtualQuery (in: lpAddress=0x32f600, lpBuffer=0x32f600, dwLength=0x30 | out: lpBuffer=0x32f600*(BaseAddress=0x32f000, AllocationBase=0x130000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0083.722] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0083.724] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0083.871] malloc (_Size=0x18) returned 0x785ae0 [0083.872] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785ae0) returned 0x90 [0083.904] malloc (_Size=0x18) returned 0x785b00 [0083.904] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785b00) returned 0x94 [0083.994] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0083.995] VirtualAlloc (lpAddress=0xc000048000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000048000 [0084.017] VirtualAlloc (lpAddress=0xc00004a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004a000 [0084.017] malloc (_Size=0x18) returned 0x785ae0 [0084.017] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785ae0) returned 0x9c [0084.028] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa0 [0084.028] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4 [0084.028] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0084.111] VirtualAlloc (lpAddress=0xc000086000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000086000 [0084.155] malloc (_Size=0x18) returned 0x785ae0 [0084.155] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785ae0) returned 0xd0 [0084.208] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xd4 [0084.208] SetEvent (hEvent=0xd4) returned 1 [0084.249] VirtualAlloc (lpAddress=0xc000088000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000088000 [0084.250] VirtualAlloc (lpAddress=0xc00008a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008a000 [0084.251] VirtualAlloc (lpAddress=0xc00008c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008c000 [0084.251] VirtualAlloc (lpAddress=0xc00008e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008e000 [0084.320] SetEvent (hEvent=0xc8) returned 1 [0084.320] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0084.344] VirtualAlloc (lpAddress=0xc000090000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000090000 [0084.458] VirtualAlloc (lpAddress=0xc000092000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000092000 [0084.458] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0084.479] VirtualAlloc (lpAddress=0xc000096000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000096000 [0084.535] VirtualAlloc (lpAddress=0xc000098000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000098000 [0084.536] VirtualAlloc (lpAddress=0xc00009a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00009a000 [0084.579] VirtualAlloc (lpAddress=0xc00009e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00009e000 [0084.579] VirtualAlloc (lpAddress=0xc0000a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a0000 [0084.643] SetEvent (hEvent=0xc8) returned 1 [0084.643] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0084.958] SetEvent (hEvent=0xc8) returned 1 [0084.958] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0084.960] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0084.981] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0084.982] VirtualAlloc (lpAddress=0xc0000a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a6000 [0085.285] SetEvent (hEvent=0xc8) returned 1 [0085.285] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0085.413] VirtualAlloc (lpAddress=0xc0000a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a8000 [0085.497] SetEvent (hEvent=0xc8) returned 1 [0085.498] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0085.599] VirtualAlloc (lpAddress=0xc0000aa000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000aa000 [0085.805] SetEvent (hEvent=0xc8) returned 1 [0085.806] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0086.150] SetEvent (hEvent=0xc8) returned 1 [0086.150] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0086.255] VirtualAlloc (lpAddress=0xc0000b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b2000 [0086.468] SetEvent (hEvent=0xc8) returned 1 [0086.468] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0086.679] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x77660000 [0086.702] SetEvent (hEvent=0xc8) returned 1 [0086.702] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0086.724] GetProcAddress (hModule=0x77660000, lpProcName="GetStdHandle") returned 0x7767cb80 [0086.725] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0086.725] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0086.725] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0086.912] VirtualAlloc (lpAddress=0xc0000b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b4000 [0086.913] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemDirectoryW") returned 0x776765c0 [0086.913] GetSystemDirectoryW (in: lpBuffer=0xc0000b4000, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.019] SetEvent (hEvent=0xc8) returned 1 [0087.019] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0087.163] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0087.257] SetEvent (hEvent=0xc8) returned 1 [0087.257] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0087.636] SetEvent (hEvent=0xc8) returned 1 [0087.636] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0088.000] SetEvent (hEvent=0xc8) returned 1 [0088.000] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0088.061] VirtualAlloc (lpAddress=0xc0000c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c4000 [0088.062] VirtualAlloc (lpAddress=0xc0000c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c6000 [0088.239] SetEvent (hEvent=0xc8) returned 1 [0088.239] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0088.240] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feffa10000 [0088.240] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSAStartup") returned 0x7feffa14980 [0088.241] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xc0000b1778 | out: lpWSAData=0xc0000b1778) returned 0 [0088.279] VirtualAlloc (lpAddress=0xc0000c8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c8000 [0088.280] GetProcAddress (hModule=0x77660000, lpProcName="SetFileCompletionNotificationModes") returned 0x776b08b0 [0088.302] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSAEnumProtocolsW") returned 0x7feffa38af0 [0088.302] WSAEnumProtocolsW (in: lpiProtocols=0xc0000ca8d0, lpProtocolBuffer=0xc0000ca8d8, lpdwBufferLength=0xc0000ca8cc | out: lpProtocolBuffer=0xc0000ca8d8, lpdwBufferLength=0xc0000ca8cc) returned 4 [0088.539] SetEvent (hEvent=0xc8) returned 1 [0088.539] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0088.645] GetProcAddress (hModule=0x77660000, lpProcName="GetConsoleMode") returned 0x77681840 [0088.645] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xc0000cf904 | out: lpMode=0xc0000cf904) returned 1 [0088.649] GetProcAddress (hModule=0x77660000, lpProcName="GetFileType") returned 0x776817e0 [0088.649] GetFileType (hFile=0x3) returned 0x2 [0088.650] VirtualAlloc (lpAddress=0xc0000d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d0000 [0088.651] SetEvent (hEvent=0xc8) returned 1 [0088.679] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xc0000cf904 | out: lpMode=0xc0000cf904) returned 1 [0088.683] GetFileType (hFile=0x7) returned 0x2 [0088.684] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xc0000cf904 | out: lpMode=0xc0000cf904) returned 1 [0088.686] GetFileType (hFile=0xb) returned 0x2 [0088.739] GetProcAddress (hModule=0x77660000, lpProcName="GetCommandLineW") returned 0x7767b8b0 [0088.740] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\SecuriteInfo.com.Trojan-PSW.Agent.26016.exe\" " [0088.740] VirtualAlloc (lpAddress=0xc0000d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d2000 [0088.796] SetEvent (hEvent=0xbc) returned 1 [0088.797] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0089.122] SetEvent (hEvent=0xbc) returned 1 [0089.122] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0089.215] VirtualAlloc (lpAddress=0xc0000d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d4000 [0089.395] SetEvent (hEvent=0xbc) returned 1 [0089.396] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0089.666] VirtualAlloc (lpAddress=0xc0000d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d6000 [0089.692] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0089.723] SetEvent (hEvent=0xbc) returned 1 [0089.723] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0089.937] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0090.055] SetEvent (hEvent=0xbc) returned 1 [0090.055] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0090.163] VirtualAlloc (lpAddress=0xc0000de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000de000 [0090.217] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0090.217] VirtualAlloc (lpAddress=0xc0000e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e2000 [0090.245] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0090.381] SetEvent (hEvent=0xbc) returned 1 [0090.381] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0090.586] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0090.729] SetEvent (hEvent=0xbc) returned 1 [0090.729] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0091.026] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0091.050] SetEvent (hEvent=0xbc) returned 1 [0091.050] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0091.279] SetEvent (hEvent=0xbc) returned 1 [0091.279] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0091.302] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0091.608] SetEvent (hEvent=0xbc) returned 1 [0091.608] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0091.937] SetEvent (hEvent=0xbc) returned 1 [0091.938] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0092.150] SetEvent (hEvent=0xbc) returned 1 [0092.150] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0092.192] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0092.193] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0092.444] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0092.470] SetEvent (hEvent=0xbc) returned 1 [0092.470] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0092.496] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0092.498] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0092.499] GetProcAddress (hModule=0x77660000, lpProcName="GetEnvironmentVariableW") returned 0x77678550 [0092.499] GetEnvironmentVariableW (in: lpName="GODEBUG", lpBuffer=0xc0000f6000, nSize=0x64 | out: lpBuffer="") returned 0x0 [0092.605] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0092.715] SetEvent (hEvent=0xbc) returned 1 [0092.715] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0093.053] SetEvent (hEvent=0xbc) returned 1 [0093.053] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0093.204] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0093.299] SetEvent (hEvent=0xbc) returned 1 [0093.299] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0093.435] VirtualAlloc (lpAddress=0xc000100000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000100000 [0093.497] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0093.532] SetEvent (hEvent=0xbc) returned 1 [0093.532] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0093.561] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0093.818] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0093.864] SetEvent (hEvent=0xbc) returned 1 [0093.864] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0094.081] SetEvent (hEvent=0xbc) returned 1 [0094.081] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0094.253] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0094.338] GetEnvironmentVariableW (in: lpName="DEBUG_HTTP2_GOROUTINES", lpBuffer=0xc0000f60d0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0094.507] SetEvent (hEvent=0xbc) returned 1 [0094.507] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0094.830] SetEvent (hEvent=0xbc) returned 1 [0094.831] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0095.172] SetEvent (hEvent=0xbc) returned 1 [0095.172] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0095.358] VirtualAlloc (lpAddress=0xc000128000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000128000 [0095.483] GetEnvironmentVariableW (in: lpName="GODEBUG", lpBuffer=0xc0000f61a0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0095.606] SetEvent (hEvent=0xbc) returned 1 [0095.606] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0096.025] SetEvent (hEvent=0xbc) returned 1 [0096.025] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0096.517] VirtualAlloc (lpAddress=0xc00012a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012a000 [0096.635] SetEvent (hEvent=0xbc) returned 1 [0096.635] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0096.767] VirtualAlloc (lpAddress=0xc00012c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012c000 [0096.857] SetEvent (hEvent=0xbc) returned 1 [0096.857] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0097.219] VirtualAlloc (lpAddress=0xc00012e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012e000 [0097.286] SetEvent (hEvent=0xbc) returned 1 [0097.286] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0097.329] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77660000 [0097.330] GetProcAddress (hModule=0x77660000, lpProcName="GetStdHandle") returned 0x7767cb80 [0097.330] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0097.330] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0097.330] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0097.414] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0097.618] SetEvent (hEvent=0xbc) returned 1 [0097.618] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0098.109] SetEvent (hEvent=0xbc) returned 1 [0098.109] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0098.219] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0098.432] SetEvent (hEvent=0xbc) returned 1 [0098.432] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0098.867] SetEvent (hEvent=0xbc) returned 1 [0098.868] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0098.889] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77660000 [0098.910] GetProcAddress (hModule=0x77660000, lpProcName="GetSystemTimes") returned 0x77667fb0 [0098.910] GetSystemTimes (in: lpIdleTime=0xc000130f38, lpKernelTime=0xc000130f70, lpUserTime=0xc000130f78 | out: lpIdleTime=0xc000130f38, lpKernelTime=0xc000130f70, lpUserTime=0xc000130f78) returned 1 [0098.912] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0098.934] GetProcAddress (hModule=0x77660000, lpProcName="AddDllDirectory") returned 0x7fefd945478 [0098.935] GetProcAddress (hModule=0x77660000, lpProcName="LoadLibraryExW") returned 0x77675ae0 [0098.935] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x77880000 [0098.937] GetProcAddress (hModule=0x77880000, lpProcName="NtQuerySystemInformation") returned 0x778d1670 [0098.937] NtQuerySystemInformation (in: SystemInformationClass=0x8, SystemInformation=0xc000134000, Length=0x18180, ResultLength=0xc000130fac | out: SystemInformation=0xc000134000, ResultLength=0xc000130fac*=0x6e72656b000000c0) returned 0x0 [0099.004] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0099.108] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0099.109] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0099.176] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0099.199] SetEvent (hEvent=0xbc) returned 1 [0099.199] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0099.221] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0099.221] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0099.242] GetProcAddress (hModule=0x77660000, lpProcName="GetNativeSystemInfo") returned 0x7766ac80 [0099.243] GetNativeSystemInfo (in: lpSystemInfo=0xc000097f20 | out: lpSystemInfo=0xc000097f20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x6a06)) [0099.243] GetProcAddress (hModule=0x77660000, lpProcName="GetCurrentProcess") returned 0x77675190 [0099.243] GetCurrentProcess () returned 0xffffffffffffffff [0099.264] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0099.265] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feff870000 [0099.265] GetProcAddress (hModule=0x7feff870000, lpProcName="OpenProcessToken") returned 0x7feff88bd70 [0099.266] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xc00011fd00 | out: TokenHandle=0xc00011fd00*=0xf8) returned 1 [0099.287] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feff870000 [0099.288] GetProcAddress (hModule=0x7feff870000, lpProcName="LookupPrivilegeValueW") returned 0x7feff88b9e0 [0099.288] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xc000131174 | out: lpLuid=0xc000131174*(LowPart=0x14, HighPart=0)) returned 1 [0099.383] SetEvent (hEvent=0x138) returned 1 [0099.383] GetProcAddress (hModule=0x7feff870000, lpProcName="AdjustTokenPrivileges") returned 0x7feff88b9b0 [0099.384] AdjustTokenPrivileges (in: TokenHandle=0xf8, DisableAllPrivileges=0, NewState=0xc000131170*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0099.406] GetProcAddress (hModule=0x77660000, lpProcName="CloseHandle") returned 0x77681960 [0099.406] CloseHandle (hObject=0xf8) returned 1 [0099.450] SetEvent (hEvent=0xbc) returned 1 [0099.451] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0099.474] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xc0000f6270, nSize=0x64 | out: lpBuffer="") returned 0x24 [0099.475] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6340, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.502] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0099.503] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6410, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.503] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f64e0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.524] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f65b0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.524] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6680, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.524] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6750, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.545] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6820, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.546] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f68f0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.568] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f69c0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.568] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6a90, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.568] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6b60, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.610] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6c30, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.631] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6d00, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.631] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6dd0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.631] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6ea0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.652] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f6f70, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.652] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0000f7040, nSize=0x64 | out: lpBuffer="") returned 0x22 [0099.676] SetEvent (hEvent=0xbc) returned 1 [0099.676] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0099.677] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0xc0000f7110, nSize=0x64 | out: lpBuffer="") returned 0x20 [0099.677] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f71e0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.677] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0000f72b0, nSize=0x64 | out: lpBuffer="") returned 0x22 [0099.677] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0000f7380, nSize=0x64 | out: lpBuffer="") returned 0x22 [0099.698] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0099.720] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0000f7450, nSize=0x64 | out: lpBuffer="") returned 0x22 [0099.784] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0000f7520, nSize=0x64 | out: lpBuffer="") returned 0x12 [0099.900] SetEvent (hEvent=0xbc) returned 1 [0099.900] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0099.964] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0100.053] GetProcAddress (hModule=0x77660000, lpProcName="GetTempPathW") returned 0x776c20f0 [0100.053] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4240 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.054] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4480 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.075] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b46c0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.075] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4900 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.075] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4b40 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.075] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4d80 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.075] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b4fc0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.076] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0000b5200 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.076] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x77660000 [0100.077] GetProcAddress (hModule=0x77660000, lpProcName="GetConsoleWindow") returned 0x776a07e0 [0100.078] GetConsoleWindow () returned 0x302fc [0100.081] LoadLibraryW (lpLibFileName="user32.dll") returned 0x77780000 [0100.081] GetProcAddress (hModule=0x77780000, lpProcName="ShowWindow") returned 0x77791930 [0100.082] ShowWindow (hWnd=0x302fc, nCmdShow=0) returned 1 [0100.241] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.241] LoadLibraryExW (lpLibFileName="psapi.dll", hFile=0x0, dwFlags=0x800) returned 0x77a50000 [0100.266] GetProcAddress (hModule=0x77a50000, lpProcName="EnumProcesses") returned 0x77a511b0 [0100.267] EnumProcesses (in: lpidProcess=0xc00004e000, cb=0x1000, lpcbNeeded=0xc00011fa88 | out: lpidProcess=0xc00004e000, lpcbNeeded=0xc00011fa88) returned 1 [0100.286] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0100.287] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0100.350] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.351] GetProcAddress (hModule=0x77660000, lpProcName="OpenProcess") returned 0x7767bf00 [0100.351] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0100.374] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x1e20000 [0100.395] GetProcAddress (hModule=0x77660000, lpProcName="FormatMessageW") returned 0x77672ce0 [0100.396] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x57, dwLanguageId=0x409, lpBuffer=0xc00011f2e0, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The parameter is incorrect.\r\n") returned 0x1d [0100.427] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x4) returned 0x144 [0100.427] GetProcAddress (hModule=0x77660000, lpProcName="GetExitCodeProcess") returned 0x77670750 [0100.427] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.428] CloseHandle (hObject=0x144) returned 1 [0100.428] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x4) returned 0x144 [0100.428] GetProcAddress (hModule=0x77660000, lpProcName="GetProcessTimes") returned 0x77663d10 [0100.428] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012200, lpExitTime=0xc000012208, lpKernelTime=0xc000012210, lpUserTime=0xc000012218 | out: lpCreationTime=0xc000012200, lpExitTime=0xc000012208, lpKernelTime=0xc000012210, lpUserTime=0xc000012218) returned 1 [0100.429] GetProcAddress (hModule=0x77660000, lpProcName="CloseHandle") returned 0x77681960 [0100.429] CloseHandle (hObject=0x144) returned 1 [0100.429] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x10c) returned 0x144 [0100.429] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.429] CloseHandle (hObject=0x144) returned 1 [0100.429] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x10c) returned 0x144 [0100.430] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012220, lpExitTime=0xc000012228, lpKernelTime=0xc000012230, lpUserTime=0xc000012238 | out: lpCreationTime=0xc000012220, lpExitTime=0xc000012228, lpKernelTime=0xc000012230, lpUserTime=0xc000012238) returned 1 [0100.430] CloseHandle (hObject=0x144) returned 1 [0100.430] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x154) returned 0x144 [0100.430] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.430] CloseHandle (hObject=0x144) returned 1 [0100.430] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x154) returned 0x144 [0100.430] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012240, lpExitTime=0xc000012248, lpKernelTime=0xc000012250, lpUserTime=0xc000012258 | out: lpCreationTime=0xc000012240, lpExitTime=0xc000012248, lpKernelTime=0xc000012250, lpUserTime=0xc000012258) returned 1 [0100.431] CloseHandle (hObject=0x144) returned 1 [0100.431] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x178) returned 0x144 [0100.431] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.432] CloseHandle (hObject=0x144) returned 1 [0100.432] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x178) returned 0x144 [0100.432] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012260, lpExitTime=0xc000012268, lpKernelTime=0xc000012270, lpUserTime=0xc000012278 | out: lpCreationTime=0xc000012260, lpExitTime=0xc000012268, lpKernelTime=0xc000012270, lpUserTime=0xc000012278) returned 1 [0100.432] CloseHandle (hObject=0x144) returned 1 [0100.432] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x184) returned 0x144 [0100.432] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.432] CloseHandle (hObject=0x144) returned 1 [0100.433] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x184) returned 0x144 [0100.433] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012280, lpExitTime=0xc000012288, lpKernelTime=0xc000012290, lpUserTime=0xc000012298 | out: lpCreationTime=0xc000012280, lpExitTime=0xc000012288, lpKernelTime=0xc000012290, lpUserTime=0xc000012298) returned 1 [0100.433] CloseHandle (hObject=0x144) returned 1 [0100.433] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1ac) returned 0x144 [0100.433] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.433] CloseHandle (hObject=0x144) returned 1 [0100.434] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1ac) returned 0x144 [0100.434] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000122a0, lpExitTime=0xc0000122a8, lpKernelTime=0xc0000122b0, lpUserTime=0xc0000122b8 | out: lpCreationTime=0xc0000122a0, lpExitTime=0xc0000122a8, lpKernelTime=0xc0000122b0, lpUserTime=0xc0000122b8) returned 1 [0100.434] CloseHandle (hObject=0x144) returned 1 [0100.434] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1d8) returned 0x144 [0100.434] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.435] CloseHandle (hObject=0x144) returned 1 [0100.435] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1d8) returned 0x144 [0100.435] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000122c0, lpExitTime=0xc0000122c8, lpKernelTime=0xc0000122d0, lpUserTime=0xc0000122d8 | out: lpCreationTime=0xc0000122c0, lpExitTime=0xc0000122c8, lpKernelTime=0xc0000122d0, lpUserTime=0xc0000122d8) returned 1 [0100.435] CloseHandle (hObject=0x144) returned 1 [0100.435] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1e0) returned 0x144 [0100.435] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.436] CloseHandle (hObject=0x144) returned 1 [0100.436] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1e0) returned 0x144 [0100.436] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000122e0, lpExitTime=0xc0000122e8, lpKernelTime=0xc0000122f0, lpUserTime=0xc0000122f8 | out: lpCreationTime=0xc0000122e0, lpExitTime=0xc0000122e8, lpKernelTime=0xc0000122f0, lpUserTime=0xc0000122f8) returned 1 [0100.436] CloseHandle (hObject=0x144) returned 1 [0100.436] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0100.437] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1e8) returned 0x144 [0100.437] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.438] CloseHandle (hObject=0x144) returned 1 [0100.438] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x1e8) returned 0x144 [0100.438] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012300, lpExitTime=0xc000012308, lpKernelTime=0xc000012310, lpUserTime=0xc000012318 | out: lpCreationTime=0xc000012300, lpExitTime=0xc000012308, lpKernelTime=0xc000012310, lpUserTime=0xc000012318) returned 1 [0100.438] CloseHandle (hObject=0x144) returned 1 [0100.438] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x224) returned 0x144 [0100.438] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.439] CloseHandle (hObject=0x144) returned 1 [0100.439] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x224) returned 0x144 [0100.439] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012320, lpExitTime=0xc000012328, lpKernelTime=0xc000012330, lpUserTime=0xc000012338 | out: lpCreationTime=0xc000012320, lpExitTime=0xc000012328, lpKernelTime=0xc000012330, lpUserTime=0xc000012338) returned 1 [0100.439] CloseHandle (hObject=0x144) returned 1 [0100.439] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x254) returned 0x144 [0100.439] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.439] CloseHandle (hObject=0x144) returned 1 [0100.440] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x254) returned 0x144 [0100.440] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012340, lpExitTime=0xc000012348, lpKernelTime=0xc000012350, lpUserTime=0xc000012358 | out: lpCreationTime=0xc000012340, lpExitTime=0xc000012348, lpKernelTime=0xc000012350, lpUserTime=0xc000012358) returned 1 [0100.440] CloseHandle (hObject=0x144) returned 1 [0100.440] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x298) returned 0x144 [0100.441] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.441] CloseHandle (hObject=0x144) returned 1 [0100.441] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x298) returned 0x144 [0100.441] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012360, lpExitTime=0xc000012368, lpKernelTime=0xc000012370, lpUserTime=0xc000012378 | out: lpCreationTime=0xc000012360, lpExitTime=0xc000012368, lpKernelTime=0xc000012370, lpUserTime=0xc000012378) returned 1 [0100.441] CloseHandle (hObject=0x144) returned 1 [0100.441] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x2c8) returned 0x144 [0100.442] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.442] CloseHandle (hObject=0x144) returned 1 [0100.442] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x2c8) returned 0x144 [0100.442] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012380, lpExitTime=0xc000012388, lpKernelTime=0xc000012390, lpUserTime=0xc000012398 | out: lpCreationTime=0xc000012380, lpExitTime=0xc000012388, lpKernelTime=0xc000012390, lpUserTime=0xc000012398) returned 1 [0100.442] CloseHandle (hObject=0x144) returned 1 [0100.442] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x2dc) returned 0x144 [0100.442] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.443] CloseHandle (hObject=0x144) returned 1 [0100.443] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x2dc) returned 0x144 [0100.443] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000123a0, lpExitTime=0xc0000123a8, lpKernelTime=0xc0000123b0, lpUserTime=0xc0000123b8 | out: lpCreationTime=0xc0000123a0, lpExitTime=0xc0000123a8, lpKernelTime=0xc0000123b0, lpUserTime=0xc0000123b8) returned 1 [0100.443] CloseHandle (hObject=0x144) returned 1 [0100.443] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x328) returned 0x144 [0100.443] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.443] CloseHandle (hObject=0x144) returned 1 [0100.444] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x328) returned 0x144 [0100.444] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000123c0, lpExitTime=0xc0000123c8, lpKernelTime=0xc0000123d0, lpUserTime=0xc0000123d8 | out: lpCreationTime=0xc0000123c0, lpExitTime=0xc0000123c8, lpKernelTime=0xc0000123d0, lpUserTime=0xc0000123d8) returned 1 [0100.444] CloseHandle (hObject=0x144) returned 1 [0100.444] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x338) returned 0x144 [0100.444] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.444] CloseHandle (hObject=0x144) returned 1 [0100.445] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x338) returned 0x144 [0100.445] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc0000123e0, lpExitTime=0xc0000123e8, lpKernelTime=0xc0000123f0, lpUserTime=0xc0000123f8 | out: lpCreationTime=0xc0000123e0, lpExitTime=0xc0000123e8, lpKernelTime=0xc0000123f0, lpUserTime=0xc0000123f8) returned 1 [0100.445] CloseHandle (hObject=0x144) returned 1 [0100.445] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.446] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x36c) returned 0x144 [0100.446] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.446] CloseHandle (hObject=0x144) returned 1 [0100.446] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x36c) returned 0x144 [0100.446] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012400, lpExitTime=0xc000012408, lpKernelTime=0xc000012410, lpUserTime=0xc000012418 | out: lpCreationTime=0xc000012400, lpExitTime=0xc000012408, lpKernelTime=0xc000012410, lpUserTime=0xc000012418) returned 1 [0100.446] CloseHandle (hObject=0x144) returned 1 [0100.447] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3ac) returned 0x144 [0100.447] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.447] CloseHandle (hObject=0x144) returned 1 [0100.447] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3ac) returned 0x144 [0100.447] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012420, lpExitTime=0xc000012428, lpKernelTime=0xc000012430, lpUserTime=0xc000012438 | out: lpCreationTime=0xc000012420, lpExitTime=0xc000012428, lpKernelTime=0xc000012430, lpUserTime=0xc000012438) returned 1 [0100.447] CloseHandle (hObject=0x144) returned 1 [0100.448] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3d0) returned 0x144 [0100.448] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.448] CloseHandle (hObject=0x144) returned 1 [0100.448] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3d0) returned 0x144 [0100.448] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc000012440, lpExitTime=0xc000012448, lpKernelTime=0xc000012450, lpUserTime=0xc000012458 | out: lpCreationTime=0xc000012440, lpExitTime=0xc000012448, lpKernelTime=0xc000012450, lpUserTime=0xc000012458) returned 1 [0100.448] CloseHandle (hObject=0x144) returned 1 [0100.449] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3fc) returned 0x144 [0100.449] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.451] CloseHandle (hObject=0x144) returned 1 [0100.451] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x3fc) returned 0x144 [0100.451] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e0e0, lpExitTime=0xc00015e0e8, lpKernelTime=0xc00015e0f0, lpUserTime=0xc00015e0f8 | out: lpCreationTime=0xc00015e0e0, lpExitTime=0xc00015e0e8, lpKernelTime=0xc00015e0f0, lpUserTime=0xc00015e0f8) returned 1 [0100.451] CloseHandle (hObject=0x144) returned 1 [0100.451] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0100.452] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x410) returned 0x144 [0100.452] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.452] CloseHandle (hObject=0x144) returned 1 [0100.452] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x410) returned 0x144 [0100.453] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e100, lpExitTime=0xc00015e108, lpKernelTime=0xc00015e110, lpUserTime=0xc00015e118 | out: lpCreationTime=0xc00015e100, lpExitTime=0xc00015e108, lpKernelTime=0xc00015e110, lpUserTime=0xc00015e118) returned 1 [0100.453] CloseHandle (hObject=0x144) returned 1 [0100.453] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x430) returned 0x144 [0100.453] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.453] CloseHandle (hObject=0x144) returned 1 [0100.453] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x430) returned 0x144 [0100.454] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e120, lpExitTime=0xc00015e128, lpKernelTime=0xc00015e130, lpUserTime=0xc00015e138 | out: lpCreationTime=0xc00015e120, lpExitTime=0xc00015e128, lpKernelTime=0xc00015e130, lpUserTime=0xc00015e138) returned 1 [0100.454] CloseHandle (hObject=0x144) returned 1 [0100.454] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x448) returned 0x144 [0100.454] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.454] CloseHandle (hObject=0x144) returned 1 [0100.454] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x448) returned 0x144 [0100.454] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e140, lpExitTime=0xc00015e148, lpKernelTime=0xc00015e150, lpUserTime=0xc00015e158 | out: lpCreationTime=0xc00015e140, lpExitTime=0xc00015e148, lpKernelTime=0xc00015e150, lpUserTime=0xc00015e158) returned 1 [0100.455] CloseHandle (hObject=0x144) returned 1 [0100.455] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x470) returned 0x144 [0100.455] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.455] CloseHandle (hObject=0x144) returned 1 [0100.455] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x470) returned 0x144 [0100.455] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e160, lpExitTime=0xc00015e168, lpKernelTime=0xc00015e170, lpUserTime=0xc00015e178 | out: lpCreationTime=0xc00015e160, lpExitTime=0xc00015e168, lpKernelTime=0xc00015e170, lpUserTime=0xc00015e178) returned 1 [0100.456] CloseHandle (hObject=0x144) returned 1 [0100.456] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x490) returned 0x144 [0100.456] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.456] CloseHandle (hObject=0x144) returned 1 [0100.456] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x490) returned 0x144 [0100.456] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e180, lpExitTime=0xc00015e188, lpKernelTime=0xc00015e190, lpUserTime=0xc00015e198 | out: lpCreationTime=0xc00015e180, lpExitTime=0xc00015e188, lpKernelTime=0xc00015e190, lpUserTime=0xc00015e198) returned 1 [0100.456] CloseHandle (hObject=0x144) returned 1 [0100.457] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x4b0) returned 0x144 [0100.457] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.457] CloseHandle (hObject=0x144) returned 1 [0100.457] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x4b0) returned 0x144 [0100.457] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e1a0, lpExitTime=0xc00015e1a8, lpKernelTime=0xc00015e1b0, lpUserTime=0xc00015e1b8 | out: lpCreationTime=0xc00015e1a0, lpExitTime=0xc00015e1a8, lpKernelTime=0xc00015e1b0, lpUserTime=0xc00015e1b8) returned 1 [0100.457] CloseHandle (hObject=0x144) returned 1 [0100.458] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x564) returned 0x144 [0100.458] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.458] CloseHandle (hObject=0x144) returned 1 [0100.458] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x564) returned 0x144 [0100.458] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e1c0, lpExitTime=0xc00015e1c8, lpKernelTime=0xc00015e1d0, lpUserTime=0xc00015e1d8 | out: lpCreationTime=0xc00015e1c0, lpExitTime=0xc00015e1c8, lpKernelTime=0xc00015e1d0, lpUserTime=0xc00015e1d8) returned 1 [0100.458] CloseHandle (hObject=0x144) returned 1 [0100.458] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x5a4) returned 0x144 [0100.459] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.459] CloseHandle (hObject=0x144) returned 1 [0100.459] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x5a4) returned 0x144 [0100.459] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e1e0, lpExitTime=0xc00015e1e8, lpKernelTime=0xc00015e1f0, lpUserTime=0xc00015e1f8 | out: lpCreationTime=0xc00015e1e0, lpExitTime=0xc00015e1e8, lpKernelTime=0xc00015e1f0, lpUserTime=0xc00015e1f8) returned 1 [0100.459] CloseHandle (hObject=0x144) returned 1 [0100.459] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x670) returned 0x144 [0100.460] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.460] CloseHandle (hObject=0x144) returned 1 [0100.460] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x670) returned 0x144 [0100.460] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e200, lpExitTime=0xc00015e208, lpKernelTime=0xc00015e210, lpUserTime=0xc00015e218 | out: lpCreationTime=0xc00015e200, lpExitTime=0xc00015e208, lpKernelTime=0xc00015e210, lpUserTime=0xc00015e218) returned 1 [0100.460] CloseHandle (hObject=0x144) returned 1 [0100.460] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x778) returned 0x144 [0100.461] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.461] CloseHandle (hObject=0x144) returned 1 [0100.461] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x778) returned 0x144 [0100.461] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e220, lpExitTime=0xc00015e228, lpKernelTime=0xc00015e230, lpUserTime=0xc00015e238 | out: lpCreationTime=0xc00015e220, lpExitTime=0xc00015e228, lpKernelTime=0xc00015e230, lpUserTime=0xc00015e238) returned 1 [0100.461] CloseHandle (hObject=0x144) returned 1 [0100.461] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x7b4) returned 0x144 [0100.462] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.462] CloseHandle (hObject=0x144) returned 1 [0100.462] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x7b4) returned 0x144 [0100.462] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e240, lpExitTime=0xc00015e248, lpKernelTime=0xc00015e250, lpUserTime=0xc00015e258 | out: lpCreationTime=0xc00015e240, lpExitTime=0xc00015e248, lpKernelTime=0xc00015e250, lpUserTime=0xc00015e258) returned 1 [0100.462] CloseHandle (hObject=0x144) returned 1 [0100.462] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x80c) returned 0x144 [0100.462] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.463] CloseHandle (hObject=0x144) returned 1 [0100.463] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x80c) returned 0x144 [0100.463] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e260, lpExitTime=0xc00015e268, lpKernelTime=0xc00015e270, lpUserTime=0xc00015e278 | out: lpCreationTime=0xc00015e260, lpExitTime=0xc00015e268, lpKernelTime=0xc00015e270, lpUserTime=0xc00015e278) returned 1 [0100.463] CloseHandle (hObject=0x144) returned 1 [0100.463] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x814) returned 0x144 [0100.463] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.463] CloseHandle (hObject=0x144) returned 1 [0100.463] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x814) returned 0x144 [0100.464] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e280, lpExitTime=0xc00015e288, lpKernelTime=0xc00015e290, lpUserTime=0xc00015e298 | out: lpCreationTime=0xc00015e280, lpExitTime=0xc00015e288, lpKernelTime=0xc00015e290, lpUserTime=0xc00015e298) returned 1 [0100.464] CloseHandle (hObject=0x144) returned 1 [0100.464] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x848) returned 0x144 [0100.464] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.464] CloseHandle (hObject=0x144) returned 1 [0100.464] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x848) returned 0x144 [0100.464] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e2a0, lpExitTime=0xc00015e2a8, lpKernelTime=0xc00015e2b0, lpUserTime=0xc00015e2b8 | out: lpCreationTime=0xc00015e2a0, lpExitTime=0xc00015e2a8, lpKernelTime=0xc00015e2b0, lpUserTime=0xc00015e2b8) returned 1 [0100.465] CloseHandle (hObject=0x144) returned 1 [0100.465] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x84c) returned 0x144 [0100.465] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.465] CloseHandle (hObject=0x144) returned 1 [0100.465] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x84c) returned 0x144 [0100.465] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e2c0, lpExitTime=0xc00015e2c8, lpKernelTime=0xc00015e2d0, lpUserTime=0xc00015e2d8 | out: lpCreationTime=0xc00015e2c0, lpExitTime=0xc00015e2c8, lpKernelTime=0xc00015e2d0, lpUserTime=0xc00015e2d8) returned 1 [0100.466] CloseHandle (hObject=0x144) returned 1 [0100.466] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x850) returned 0x144 [0100.466] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.466] CloseHandle (hObject=0x144) returned 1 [0100.466] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x850) returned 0x144 [0100.466] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e2e0, lpExitTime=0xc00015e2e8, lpKernelTime=0xc00015e2f0, lpUserTime=0xc00015e2f8 | out: lpCreationTime=0xc00015e2e0, lpExitTime=0xc00015e2e8, lpKernelTime=0xc00015e2f0, lpUserTime=0xc00015e2f8) returned 1 [0100.466] CloseHandle (hObject=0x144) returned 1 [0100.467] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x854) returned 0x144 [0100.467] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.467] CloseHandle (hObject=0x144) returned 1 [0100.467] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x854) returned 0x144 [0100.467] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e300, lpExitTime=0xc00015e308, lpKernelTime=0xc00015e310, lpUserTime=0xc00015e318 | out: lpCreationTime=0xc00015e300, lpExitTime=0xc00015e308, lpKernelTime=0xc00015e310, lpUserTime=0xc00015e318) returned 1 [0100.467] CloseHandle (hObject=0x144) returned 1 [0100.467] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x85c) returned 0x144 [0100.468] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.468] CloseHandle (hObject=0x144) returned 1 [0100.468] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x85c) returned 0x144 [0100.468] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e320, lpExitTime=0xc00015e328, lpKernelTime=0xc00015e330, lpUserTime=0xc00015e338 | out: lpCreationTime=0xc00015e320, lpExitTime=0xc00015e328, lpKernelTime=0xc00015e330, lpUserTime=0xc00015e338) returned 1 [0100.468] CloseHandle (hObject=0x144) returned 1 [0100.468] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x880) returned 0x144 [0100.468] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.468] CloseHandle (hObject=0x144) returned 1 [0100.469] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x880) returned 0x144 [0100.469] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e340, lpExitTime=0xc00015e348, lpKernelTime=0xc00015e350, lpUserTime=0xc00015e358 | out: lpCreationTime=0xc00015e340, lpExitTime=0xc00015e348, lpKernelTime=0xc00015e350, lpUserTime=0xc00015e358) returned 1 [0100.469] CloseHandle (hObject=0x144) returned 1 [0100.469] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x88c) returned 0x144 [0100.469] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.470] CloseHandle (hObject=0x144) returned 1 [0100.470] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x88c) returned 0x144 [0100.470] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e360, lpExitTime=0xc00015e368, lpKernelTime=0xc00015e370, lpUserTime=0xc00015e378 | out: lpCreationTime=0xc00015e360, lpExitTime=0xc00015e368, lpKernelTime=0xc00015e370, lpUserTime=0xc00015e378) returned 1 [0100.470] CloseHandle (hObject=0x144) returned 1 [0100.470] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x890) returned 0x144 [0100.470] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.470] CloseHandle (hObject=0x144) returned 1 [0100.471] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x890) returned 0x144 [0100.471] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e380, lpExitTime=0xc00015e388, lpKernelTime=0xc00015e390, lpUserTime=0xc00015e398 | out: lpCreationTime=0xc00015e380, lpExitTime=0xc00015e388, lpKernelTime=0xc00015e390, lpUserTime=0xc00015e398) returned 1 [0100.471] CloseHandle (hObject=0x144) returned 1 [0100.471] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x894) returned 0x144 [0100.471] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.471] CloseHandle (hObject=0x144) returned 1 [0100.472] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x894) returned 0x144 [0100.472] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e3a0, lpExitTime=0xc00015e3a8, lpKernelTime=0xc00015e3b0, lpUserTime=0xc00015e3b8 | out: lpCreationTime=0xc00015e3a0, lpExitTime=0xc00015e3a8, lpKernelTime=0xc00015e3b0, lpUserTime=0xc00015e3b8) returned 1 [0100.472] CloseHandle (hObject=0x144) returned 1 [0100.472] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x89c) returned 0x144 [0100.474] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.474] CloseHandle (hObject=0x144) returned 1 [0100.475] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x89c) returned 0x144 [0100.475] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e3c0, lpExitTime=0xc00015e3c8, lpKernelTime=0xc00015e3d0, lpUserTime=0xc00015e3d8 | out: lpCreationTime=0xc00015e3c0, lpExitTime=0xc00015e3c8, lpKernelTime=0xc00015e3d0, lpUserTime=0xc00015e3d8) returned 1 [0100.475] CloseHandle (hObject=0x144) returned 1 [0100.475] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8a4) returned 0x144 [0100.475] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.475] CloseHandle (hObject=0x144) returned 1 [0100.476] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8a4) returned 0x144 [0100.476] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e3e0, lpExitTime=0xc00015e3e8, lpKernelTime=0xc00015e3f0, lpUserTime=0xc00015e3f8 | out: lpCreationTime=0xc00015e3e0, lpExitTime=0xc00015e3e8, lpKernelTime=0xc00015e3f0, lpUserTime=0xc00015e3f8) returned 1 [0100.476] CloseHandle (hObject=0x144) returned 1 [0100.476] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8b0) returned 0x144 [0100.476] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.476] CloseHandle (hObject=0x144) returned 1 [0100.477] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8b0) returned 0x144 [0100.477] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e400, lpExitTime=0xc00015e408, lpKernelTime=0xc00015e410, lpUserTime=0xc00015e418 | out: lpCreationTime=0xc00015e400, lpExitTime=0xc00015e408, lpKernelTime=0xc00015e410, lpUserTime=0xc00015e418) returned 1 [0100.477] CloseHandle (hObject=0x144) returned 1 [0100.477] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8bc) returned 0x144 [0100.477] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.477] CloseHandle (hObject=0x144) returned 1 [0100.478] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8bc) returned 0x144 [0100.478] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e420, lpExitTime=0xc00015e428, lpKernelTime=0xc00015e430, lpUserTime=0xc00015e438 | out: lpCreationTime=0xc00015e420, lpExitTime=0xc00015e428, lpKernelTime=0xc00015e430, lpUserTime=0xc00015e438) returned 1 [0100.478] CloseHandle (hObject=0x144) returned 1 [0100.478] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8c8) returned 0x144 [0100.478] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.478] CloseHandle (hObject=0x144) returned 1 [0100.478] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8c8) returned 0x144 [0100.479] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e440, lpExitTime=0xc00015e448, lpKernelTime=0xc00015e450, lpUserTime=0xc00015e458 | out: lpCreationTime=0xc00015e440, lpExitTime=0xc00015e448, lpKernelTime=0xc00015e450, lpUserTime=0xc00015e458) returned 1 [0100.479] CloseHandle (hObject=0x144) returned 1 [0100.479] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8d4) returned 0x144 [0100.479] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.479] CloseHandle (hObject=0x144) returned 1 [0100.479] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8d4) returned 0x144 [0100.479] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e460, lpExitTime=0xc00015e468, lpKernelTime=0xc00015e470, lpUserTime=0xc00015e478 | out: lpCreationTime=0xc00015e460, lpExitTime=0xc00015e468, lpKernelTime=0xc00015e470, lpUserTime=0xc00015e478) returned 1 [0100.480] CloseHandle (hObject=0x144) returned 1 [0100.480] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8e0) returned 0x144 [0100.480] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.480] CloseHandle (hObject=0x144) returned 1 [0100.480] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8e0) returned 0x144 [0100.480] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e480, lpExitTime=0xc00015e488, lpKernelTime=0xc00015e490, lpUserTime=0xc00015e498 | out: lpCreationTime=0xc00015e480, lpExitTime=0xc00015e488, lpKernelTime=0xc00015e490, lpUserTime=0xc00015e498) returned 1 [0100.480] CloseHandle (hObject=0x144) returned 1 [0100.481] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8ec) returned 0x144 [0100.481] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.481] CloseHandle (hObject=0x144) returned 1 [0100.481] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8ec) returned 0x144 [0100.481] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e4a0, lpExitTime=0xc00015e4a8, lpKernelTime=0xc00015e4b0, lpUserTime=0xc00015e4b8 | out: lpCreationTime=0xc00015e4a0, lpExitTime=0xc00015e4a8, lpKernelTime=0xc00015e4b0, lpUserTime=0xc00015e4b8) returned 1 [0100.481] CloseHandle (hObject=0x144) returned 1 [0100.481] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8f8) returned 0x144 [0100.482] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.482] CloseHandle (hObject=0x144) returned 1 [0100.482] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x8f8) returned 0x144 [0100.482] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e4c0, lpExitTime=0xc00015e4c8, lpKernelTime=0xc00015e4d0, lpUserTime=0xc00015e4d8 | out: lpCreationTime=0xc00015e4c0, lpExitTime=0xc00015e4c8, lpKernelTime=0xc00015e4d0, lpUserTime=0xc00015e4d8) returned 1 [0100.482] CloseHandle (hObject=0x144) returned 1 [0100.483] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x910) returned 0x144 [0100.483] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.483] CloseHandle (hObject=0x144) returned 1 [0100.483] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x910) returned 0x144 [0100.483] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e4e0, lpExitTime=0xc00015e4e8, lpKernelTime=0xc00015e4f0, lpUserTime=0xc00015e4f8 | out: lpCreationTime=0xc00015e4e0, lpExitTime=0xc00015e4e8, lpKernelTime=0xc00015e4f0, lpUserTime=0xc00015e4f8) returned 1 [0100.483] CloseHandle (hObject=0x144) returned 1 [0100.483] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x918) returned 0x144 [0100.484] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.484] CloseHandle (hObject=0x144) returned 1 [0100.484] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x918) returned 0x144 [0100.484] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e500, lpExitTime=0xc00015e508, lpKernelTime=0xc00015e510, lpUserTime=0xc00015e518 | out: lpCreationTime=0xc00015e500, lpExitTime=0xc00015e508, lpKernelTime=0xc00015e510, lpUserTime=0xc00015e518) returned 1 [0100.484] CloseHandle (hObject=0x144) returned 1 [0100.484] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x920) returned 0x144 [0100.484] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.485] CloseHandle (hObject=0x144) returned 1 [0100.485] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x920) returned 0x144 [0100.485] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e520, lpExitTime=0xc00015e528, lpKernelTime=0xc00015e530, lpUserTime=0xc00015e538 | out: lpCreationTime=0xc00015e520, lpExitTime=0xc00015e528, lpKernelTime=0xc00015e530, lpUserTime=0xc00015e538) returned 1 [0100.485] CloseHandle (hObject=0x144) returned 1 [0100.485] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x928) returned 0x144 [0100.485] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.486] CloseHandle (hObject=0x144) returned 1 [0100.486] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x928) returned 0x144 [0100.486] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e540, lpExitTime=0xc00015e548, lpKernelTime=0xc00015e550, lpUserTime=0xc00015e558 | out: lpCreationTime=0xc00015e540, lpExitTime=0xc00015e548, lpKernelTime=0xc00015e550, lpUserTime=0xc00015e558) returned 1 [0100.486] CloseHandle (hObject=0x144) returned 1 [0100.486] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x930) returned 0x144 [0100.486] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.487] CloseHandle (hObject=0x144) returned 1 [0100.487] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0x930) returned 0x144 [0100.487] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e560, lpExitTime=0xc00015e568, lpKernelTime=0xc00015e570, lpUserTime=0xc00015e578 | out: lpCreationTime=0xc00015e560, lpExitTime=0xc00015e568, lpKernelTime=0xc00015e570, lpUserTime=0xc00015e578) returned 1 [0100.487] CloseHandle (hObject=0x144) returned 1 [0100.488] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0100.488] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa40) returned 0x144 [0100.488] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.488] CloseHandle (hObject=0x144) returned 1 [0100.489] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa40) returned 0x144 [0100.489] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e580, lpExitTime=0xc00015e588, lpKernelTime=0xc00015e590, lpUserTime=0xc00015e598 | out: lpCreationTime=0xc00015e580, lpExitTime=0xc00015e588, lpKernelTime=0xc00015e590, lpUserTime=0xc00015e598) returned 1 [0100.489] CloseHandle (hObject=0x144) returned 1 [0100.489] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa78) returned 0x144 [0100.489] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.489] CloseHandle (hObject=0x144) returned 1 [0100.490] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa78) returned 0x144 [0100.490] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e5a0, lpExitTime=0xc00015e5a8, lpKernelTime=0xc00015e5b0, lpUserTime=0xc00015e5b8 | out: lpCreationTime=0xc00015e5a0, lpExitTime=0xc00015e5a8, lpKernelTime=0xc00015e5b0, lpUserTime=0xc00015e5b8) returned 1 [0100.490] CloseHandle (hObject=0x144) returned 1 [0100.490] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa8c) returned 0x144 [0100.491] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.491] CloseHandle (hObject=0x144) returned 1 [0100.491] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xa8c) returned 0x144 [0100.491] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e5c0, lpExitTime=0xc00015e5c8, lpKernelTime=0xc00015e5d0, lpUserTime=0xc00015e5d8 | out: lpCreationTime=0xc00015e5c0, lpExitTime=0xc00015e5c8, lpKernelTime=0xc00015e5d0, lpUserTime=0xc00015e5d8) returned 1 [0100.491] CloseHandle (hObject=0x144) returned 1 [0100.491] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xaf0) returned 0x144 [0100.491] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.492] CloseHandle (hObject=0x144) returned 1 [0100.492] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xaf0) returned 0x144 [0100.492] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e5e0, lpExitTime=0xc00015e5e8, lpKernelTime=0xc00015e5f0, lpUserTime=0xc00015e5f8 | out: lpCreationTime=0xc00015e5e0, lpExitTime=0xc00015e5e8, lpKernelTime=0xc00015e5f0, lpUserTime=0xc00015e5f8) returned 1 [0100.492] CloseHandle (hObject=0x144) returned 1 [0100.492] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xaf8) returned 0x144 [0100.492] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.493] CloseHandle (hObject=0x144) returned 1 [0100.493] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xaf8) returned 0x144 [0100.493] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e600, lpExitTime=0xc00015e608, lpKernelTime=0xc00015e610, lpUserTime=0xc00015e618 | out: lpCreationTime=0xc00015e600, lpExitTime=0xc00015e608, lpKernelTime=0xc00015e610, lpUserTime=0xc00015e618) returned 1 [0100.493] CloseHandle (hObject=0x144) returned 1 [0100.493] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb00) returned 0x144 [0100.494] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.494] CloseHandle (hObject=0x144) returned 1 [0100.494] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb00) returned 0x144 [0100.494] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e620, lpExitTime=0xc00015e628, lpKernelTime=0xc00015e630, lpUserTime=0xc00015e638 | out: lpCreationTime=0xc00015e620, lpExitTime=0xc00015e628, lpKernelTime=0xc00015e630, lpUserTime=0xc00015e638) returned 1 [0100.494] CloseHandle (hObject=0x144) returned 1 [0100.494] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb08) returned 0x144 [0100.494] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.494] CloseHandle (hObject=0x144) returned 1 [0100.495] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb08) returned 0x144 [0100.495] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e640, lpExitTime=0xc00015e648, lpKernelTime=0xc00015e650, lpUserTime=0xc00015e658 | out: lpCreationTime=0xc00015e640, lpExitTime=0xc00015e648, lpKernelTime=0xc00015e650, lpUserTime=0xc00015e658) returned 1 [0100.495] CloseHandle (hObject=0x144) returned 1 [0100.495] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb10) returned 0x144 [0100.495] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.495] CloseHandle (hObject=0x144) returned 1 [0100.495] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb10) returned 0x144 [0100.496] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e660, lpExitTime=0xc00015e668, lpKernelTime=0xc00015e670, lpUserTime=0xc00015e678 | out: lpCreationTime=0xc00015e660, lpExitTime=0xc00015e668, lpKernelTime=0xc00015e670, lpUserTime=0xc00015e678) returned 1 [0100.496] CloseHandle (hObject=0x144) returned 1 [0100.496] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb18) returned 0x144 [0100.497] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.497] CloseHandle (hObject=0x144) returned 1 [0100.497] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb18) returned 0x144 [0100.497] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e680, lpExitTime=0xc00015e688, lpKernelTime=0xc00015e690, lpUserTime=0xc00015e698 | out: lpCreationTime=0xc00015e680, lpExitTime=0xc00015e688, lpKernelTime=0xc00015e690, lpUserTime=0xc00015e698) returned 1 [0100.497] CloseHandle (hObject=0x144) returned 1 [0100.498] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb20) returned 0x144 [0100.498] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.498] CloseHandle (hObject=0x144) returned 1 [0100.498] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb20) returned 0x144 [0100.498] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e6a0, lpExitTime=0xc00015e6a8, lpKernelTime=0xc00015e6b0, lpUserTime=0xc00015e6b8 | out: lpCreationTime=0xc00015e6a0, lpExitTime=0xc00015e6a8, lpKernelTime=0xc00015e6b0, lpUserTime=0xc00015e6b8) returned 1 [0100.498] CloseHandle (hObject=0x144) returned 1 [0100.498] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb28) returned 0x144 [0100.499] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.499] CloseHandle (hObject=0x144) returned 1 [0100.499] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb28) returned 0x144 [0100.500] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e6c0, lpExitTime=0xc00015e6c8, lpKernelTime=0xc00015e6d0, lpUserTime=0xc00015e6d8 | out: lpCreationTime=0xc00015e6c0, lpExitTime=0xc00015e6c8, lpKernelTime=0xc00015e6d0, lpUserTime=0xc00015e6d8) returned 1 [0100.500] CloseHandle (hObject=0x144) returned 1 [0100.500] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb30) returned 0x144 [0100.500] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.500] CloseHandle (hObject=0x144) returned 1 [0100.500] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb30) returned 0x144 [0100.500] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e6e0, lpExitTime=0xc00015e6e8, lpKernelTime=0xc00015e6f0, lpUserTime=0xc00015e6f8 | out: lpCreationTime=0xc00015e6e0, lpExitTime=0xc00015e6e8, lpKernelTime=0xc00015e6f0, lpUserTime=0xc00015e6f8) returned 1 [0100.501] CloseHandle (hObject=0x144) returned 1 [0100.501] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb38) returned 0x144 [0100.501] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.501] CloseHandle (hObject=0x144) returned 1 [0100.501] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb38) returned 0x144 [0100.502] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e700, lpExitTime=0xc00015e708, lpKernelTime=0xc00015e710, lpUserTime=0xc00015e718 | out: lpCreationTime=0xc00015e700, lpExitTime=0xc00015e708, lpKernelTime=0xc00015e710, lpUserTime=0xc00015e718) returned 1 [0100.502] CloseHandle (hObject=0x144) returned 1 [0100.502] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb40) returned 0x144 [0100.502] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.502] CloseHandle (hObject=0x144) returned 1 [0100.503] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb40) returned 0x144 [0100.503] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e720, lpExitTime=0xc00015e728, lpKernelTime=0xc00015e730, lpUserTime=0xc00015e738 | out: lpCreationTime=0xc00015e720, lpExitTime=0xc00015e728, lpKernelTime=0xc00015e730, lpUserTime=0xc00015e738) returned 1 [0100.503] CloseHandle (hObject=0x144) returned 1 [0100.503] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb48) returned 0x144 [0100.503] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.503] CloseHandle (hObject=0x144) returned 1 [0100.503] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb48) returned 0x144 [0100.504] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e740, lpExitTime=0xc00015e748, lpKernelTime=0xc00015e750, lpUserTime=0xc00015e758 | out: lpCreationTime=0xc00015e740, lpExitTime=0xc00015e748, lpKernelTime=0xc00015e750, lpUserTime=0xc00015e758) returned 1 [0100.504] CloseHandle (hObject=0x144) returned 1 [0100.504] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb50) returned 0x144 [0100.504] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.504] CloseHandle (hObject=0x144) returned 1 [0100.504] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb50) returned 0x144 [0100.505] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e760, lpExitTime=0xc00015e768, lpKernelTime=0xc00015e770, lpUserTime=0xc00015e778 | out: lpCreationTime=0xc00015e760, lpExitTime=0xc00015e768, lpKernelTime=0xc00015e770, lpUserTime=0xc00015e778) returned 1 [0100.505] CloseHandle (hObject=0x144) returned 1 [0100.505] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb60) returned 0x144 [0100.505] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.506] CloseHandle (hObject=0x144) returned 1 [0100.506] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb60) returned 0x144 [0100.506] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e780, lpExitTime=0xc00015e788, lpKernelTime=0xc00015e790, lpUserTime=0xc00015e798 | out: lpCreationTime=0xc00015e780, lpExitTime=0xc00015e788, lpKernelTime=0xc00015e790, lpUserTime=0xc00015e798) returned 1 [0100.506] CloseHandle (hObject=0x144) returned 1 [0100.506] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb6c) returned 0x144 [0100.506] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.507] CloseHandle (hObject=0x144) returned 1 [0100.507] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb6c) returned 0x144 [0100.507] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e7a0, lpExitTime=0xc00015e7a8, lpKernelTime=0xc00015e7b0, lpUserTime=0xc00015e7b8 | out: lpCreationTime=0xc00015e7a0, lpExitTime=0xc00015e7a8, lpKernelTime=0xc00015e7b0, lpUserTime=0xc00015e7b8) returned 1 [0100.507] CloseHandle (hObject=0x144) returned 1 [0100.507] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb78) returned 0x144 [0100.507] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.508] CloseHandle (hObject=0x144) returned 1 [0100.508] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb78) returned 0x144 [0100.508] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e7c0, lpExitTime=0xc00015e7c8, lpKernelTime=0xc00015e7d0, lpUserTime=0xc00015e7d8 | out: lpCreationTime=0xc00015e7c0, lpExitTime=0xc00015e7c8, lpKernelTime=0xc00015e7d0, lpUserTime=0xc00015e7d8) returned 1 [0100.508] CloseHandle (hObject=0x144) returned 1 [0100.509] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb84) returned 0x144 [0100.509] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.509] CloseHandle (hObject=0x144) returned 1 [0100.509] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb84) returned 0x144 [0100.509] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e7e0, lpExitTime=0xc00015e7e8, lpKernelTime=0xc00015e7f0, lpUserTime=0xc00015e7f8 | out: lpCreationTime=0xc00015e7e0, lpExitTime=0xc00015e7e8, lpKernelTime=0xc00015e7f0, lpUserTime=0xc00015e7f8) returned 1 [0100.509] CloseHandle (hObject=0x144) returned 1 [0100.510] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb90) returned 0x144 [0100.510] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.510] CloseHandle (hObject=0x144) returned 1 [0100.510] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb90) returned 0x144 [0100.510] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e800, lpExitTime=0xc00015e808, lpKernelTime=0xc00015e810, lpUserTime=0xc00015e818 | out: lpCreationTime=0xc00015e800, lpExitTime=0xc00015e808, lpKernelTime=0xc00015e810, lpUserTime=0xc00015e818) returned 1 [0100.510] CloseHandle (hObject=0x144) returned 1 [0100.510] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb98) returned 0x144 [0100.511] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.511] CloseHandle (hObject=0x144) returned 1 [0100.511] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xb98) returned 0x144 [0100.511] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e820, lpExitTime=0xc00015e828, lpKernelTime=0xc00015e830, lpUserTime=0xc00015e838 | out: lpCreationTime=0xc00015e820, lpExitTime=0xc00015e828, lpKernelTime=0xc00015e830, lpUserTime=0xc00015e838) returned 1 [0100.511] CloseHandle (hObject=0x144) returned 1 [0100.511] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xba0) returned 0x144 [0100.512] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.512] CloseHandle (hObject=0x144) returned 1 [0100.512] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xba0) returned 0x144 [0100.512] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e840, lpExitTime=0xc00015e848, lpKernelTime=0xc00015e850, lpUserTime=0xc00015e858 | out: lpCreationTime=0xc00015e840, lpExitTime=0xc00015e848, lpKernelTime=0xc00015e850, lpUserTime=0xc00015e858) returned 1 [0100.512] CloseHandle (hObject=0x144) returned 1 [0100.512] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xba8) returned 0x144 [0100.512] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.513] CloseHandle (hObject=0x144) returned 1 [0100.513] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xba8) returned 0x144 [0100.513] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e860, lpExitTime=0xc00015e868, lpKernelTime=0xc00015e870, lpUserTime=0xc00015e878 | out: lpCreationTime=0xc00015e860, lpExitTime=0xc00015e868, lpKernelTime=0xc00015e870, lpUserTime=0xc00015e878) returned 1 [0100.513] CloseHandle (hObject=0x144) returned 1 [0100.513] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbb0) returned 0x144 [0100.513] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.514] CloseHandle (hObject=0x144) returned 1 [0100.514] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbb0) returned 0x144 [0100.514] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e880, lpExitTime=0xc00015e888, lpKernelTime=0xc00015e890, lpUserTime=0xc00015e898 | out: lpCreationTime=0xc00015e880, lpExitTime=0xc00015e888, lpKernelTime=0xc00015e890, lpUserTime=0xc00015e898) returned 1 [0100.514] CloseHandle (hObject=0x144) returned 1 [0100.514] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbb8) returned 0x144 [0100.514] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.514] CloseHandle (hObject=0x144) returned 1 [0100.515] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbb8) returned 0x144 [0100.515] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e8a0, lpExitTime=0xc00015e8a8, lpKernelTime=0xc00015e8b0, lpUserTime=0xc00015e8b8 | out: lpCreationTime=0xc00015e8a0, lpExitTime=0xc00015e8a8, lpKernelTime=0xc00015e8b0, lpUserTime=0xc00015e8b8) returned 1 [0100.515] CloseHandle (hObject=0x144) returned 1 [0100.515] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbc0) returned 0x144 [0100.515] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.515] CloseHandle (hObject=0x144) returned 1 [0100.515] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbc0) returned 0x144 [0100.516] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e8c0, lpExitTime=0xc00015e8c8, lpKernelTime=0xc00015e8d0, lpUserTime=0xc00015e8d8 | out: lpCreationTime=0xc00015e8c0, lpExitTime=0xc00015e8c8, lpKernelTime=0xc00015e8d0, lpUserTime=0xc00015e8d8) returned 1 [0100.516] CloseHandle (hObject=0x144) returned 1 [0100.516] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbc8) returned 0x144 [0100.516] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.516] CloseHandle (hObject=0x144) returned 1 [0100.516] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbc8) returned 0x144 [0100.517] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e8e0, lpExitTime=0xc00015e8e8, lpKernelTime=0xc00015e8f0, lpUserTime=0xc00015e8f8 | out: lpCreationTime=0xc00015e8e0, lpExitTime=0xc00015e8e8, lpKernelTime=0xc00015e8f0, lpUserTime=0xc00015e8f8) returned 1 [0100.517] CloseHandle (hObject=0x144) returned 1 [0100.517] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbd0) returned 0x144 [0100.517] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.517] CloseHandle (hObject=0x144) returned 1 [0100.517] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbd0) returned 0x144 [0100.517] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e900, lpExitTime=0xc00015e908, lpKernelTime=0xc00015e910, lpUserTime=0xc00015e918 | out: lpCreationTime=0xc00015e900, lpExitTime=0xc00015e908, lpKernelTime=0xc00015e910, lpUserTime=0xc00015e918) returned 1 [0100.518] CloseHandle (hObject=0x144) returned 1 [0100.518] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbd8) returned 0x144 [0100.518] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.518] CloseHandle (hObject=0x144) returned 1 [0100.518] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbd8) returned 0x144 [0100.518] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e920, lpExitTime=0xc00015e928, lpKernelTime=0xc00015e930, lpUserTime=0xc00015e938 | out: lpCreationTime=0xc00015e920, lpExitTime=0xc00015e928, lpKernelTime=0xc00015e930, lpUserTime=0xc00015e938) returned 1 [0100.519] CloseHandle (hObject=0x144) returned 1 [0100.519] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbe0) returned 0x144 [0100.519] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.519] CloseHandle (hObject=0x144) returned 1 [0100.519] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbe0) returned 0x144 [0100.519] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e940, lpExitTime=0xc00015e948, lpKernelTime=0xc00015e950, lpUserTime=0xc00015e958 | out: lpCreationTime=0xc00015e940, lpExitTime=0xc00015e948, lpKernelTime=0xc00015e950, lpUserTime=0xc00015e958) returned 1 [0100.519] CloseHandle (hObject=0x144) returned 1 [0100.520] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbe8) returned 0x144 [0100.520] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.520] CloseHandle (hObject=0x144) returned 1 [0100.520] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbe8) returned 0x144 [0100.520] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e960, lpExitTime=0xc00015e968, lpKernelTime=0xc00015e970, lpUserTime=0xc00015e978 | out: lpCreationTime=0xc00015e960, lpExitTime=0xc00015e968, lpKernelTime=0xc00015e970, lpUserTime=0xc00015e978) returned 1 [0100.520] CloseHandle (hObject=0x144) returned 1 [0100.521] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbf0) returned 0x144 [0100.521] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.521] CloseHandle (hObject=0x144) returned 1 [0100.521] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbf0) returned 0x144 [0100.521] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e980, lpExitTime=0xc00015e988, lpKernelTime=0xc00015e990, lpUserTime=0xc00015e998 | out: lpCreationTime=0xc00015e980, lpExitTime=0xc00015e988, lpKernelTime=0xc00015e990, lpUserTime=0xc00015e998) returned 1 [0100.521] CloseHandle (hObject=0x144) returned 1 [0100.522] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbf8) returned 0x144 [0100.522] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.522] CloseHandle (hObject=0x144) returned 1 [0100.522] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xbf8) returned 0x144 [0100.522] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e9a0, lpExitTime=0xc00015e9a8, lpKernelTime=0xc00015e9b0, lpUserTime=0xc00015e9b8 | out: lpCreationTime=0xc00015e9a0, lpExitTime=0xc00015e9a8, lpKernelTime=0xc00015e9b0, lpUserTime=0xc00015e9b8) returned 1 [0100.522] CloseHandle (hObject=0x144) returned 1 [0100.522] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xc0c) returned 0x144 [0100.523] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.523] CloseHandle (hObject=0x144) returned 1 [0100.523] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xc0c) returned 0x144 [0100.523] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e9c0, lpExitTime=0xc00015e9c8, lpKernelTime=0xc00015e9d0, lpUserTime=0xc00015e9d8 | out: lpCreationTime=0xc00015e9c0, lpExitTime=0xc00015e9c8, lpKernelTime=0xc00015e9d0, lpUserTime=0xc00015e9d8) returned 1 [0100.523] CloseHandle (hObject=0x144) returned 1 [0100.523] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xce4) returned 0x144 [0100.524] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.524] CloseHandle (hObject=0x144) returned 1 [0100.524] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xce4) returned 0x144 [0100.524] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015e9e0, lpExitTime=0xc00015e9e8, lpKernelTime=0xc00015e9f0, lpUserTime=0xc00015e9f8 | out: lpCreationTime=0xc00015e9e0, lpExitTime=0xc00015e9e8, lpKernelTime=0xc00015e9f0, lpUserTime=0xc00015e9f8) returned 1 [0100.524] CloseHandle (hObject=0x144) returned 1 [0100.524] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0100.525] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd74) returned 0x144 [0100.525] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.525] CloseHandle (hObject=0x144) returned 1 [0100.526] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd74) returned 0x144 [0100.526] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015ea00, lpExitTime=0xc00015ea08, lpKernelTime=0xc00015ea10, lpUserTime=0xc00015ea18 | out: lpCreationTime=0xc00015ea00, lpExitTime=0xc00015ea08, lpKernelTime=0xc00015ea10, lpUserTime=0xc00015ea18) returned 1 [0100.526] CloseHandle (hObject=0x144) returned 1 [0100.526] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd7c) returned 0x144 [0100.526] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.526] CloseHandle (hObject=0x144) returned 1 [0100.526] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd7c) returned 0x144 [0100.527] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015ea20, lpExitTime=0xc00015ea28, lpKernelTime=0xc00015ea30, lpUserTime=0xc00015ea38 | out: lpCreationTime=0xc00015ea20, lpExitTime=0xc00015ea28, lpKernelTime=0xc00015ea30, lpUserTime=0xc00015ea38) returned 1 [0100.527] CloseHandle (hObject=0x144) returned 1 [0100.527] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd8c) returned 0x144 [0100.527] GetExitCodeProcess (in: hProcess=0x144, lpExitCode=0xc00011fa84 | out: lpExitCode=0xc00011fa84*=0x103) returned 1 [0100.527] CloseHandle (hObject=0x144) returned 1 [0100.527] OpenProcess (dwDesiredAccess=0x1000, bInheritHandle=0, dwProcessId=0xd8c) returned 0x144 [0100.527] GetProcessTimes (in: hProcess=0x144, lpCreationTime=0xc00015ea40, lpExitTime=0xc00015ea48, lpKernelTime=0xc00015ea50, lpUserTime=0xc00015ea58 | out: lpCreationTime=0xc00015ea40, lpExitTime=0xc00015ea48, lpKernelTime=0xc00015ea50, lpUserTime=0xc00015ea58) returned 1 [0100.528] CloseHandle (hObject=0x144) returned 1 [0100.528] GetProcAddress (hModule=0x77660000, lpProcName="CreateToolhelp32Snapshot") returned 0x77661c10 [0100.528] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x144 [0100.544] GetProcAddress (hModule=0x77660000, lpProcName="Process32FirstW") returned 0x77661910 [0100.544] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.546] CloseHandle (hObject=0x144) returned 1 [0101.556] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x4) returned 0x144 [0101.594] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.642] GetProcAddress (hModule=0x77660000, lpProcName="Process32NextW") returned 0x77661b20 [0101.683] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.750] CloseHandle (hObject=0x144) returned 1 [0101.771] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x10c) returned 0x144 [0101.786] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.789] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.794] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.796] CloseHandle (hObject=0x144) returned 1 [0101.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x154) returned 0x144 [0101.811] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.813] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.815] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.818] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.820] CloseHandle (hObject=0x144) returned 1 [0101.821] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x178) returned 0x144 [0101.839] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.842] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.844] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.846] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.849] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.852] CloseHandle (hObject=0x144) returned 1 [0101.853] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x184) returned 0x144 [0101.869] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.871] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.873] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.875] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.877] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.879] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.881] CloseHandle (hObject=0x144) returned 1 [0101.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x1ac) returned 0x144 [0101.902] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.904] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.906] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.908] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.910] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.912] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.914] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.916] CloseHandle (hObject=0x144) returned 1 [0101.916] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x1d8) returned 0x144 [0101.940] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.943] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.945] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.947] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.949] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.951] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.954] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.957] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0101.959] CloseHandle (hObject=0x144) returned 1 [0101.959] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x1e0) returned 0x144 [0101.973] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.975] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.977] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.979] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.982] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.983] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.986] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.988] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0101.990] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0101.992] CloseHandle (hObject=0x144) returned 1 [0101.992] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x1e8) returned 0x144 [0102.005] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.007] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.009] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.011] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.013] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.014] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.017] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.019] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.021] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.023] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.026] CloseHandle (hObject=0x144) returned 1 [0102.026] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x224) returned 0x144 [0102.043] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.045] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.047] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.049] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.051] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.053] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.055] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.057] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.060] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.062] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.064] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.066] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.068] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.070] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.072] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.074] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.076] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0102.078] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.081] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0102.083] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.085] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.087] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0102.090] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0102.091] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.094] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.096] CloseHandle (hObject=0x144) returned 1 [0102.096] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x254) returned 0x144 [0102.109] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.112] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.114] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.116] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.118] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.120] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.122] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.124] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.126] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.128] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.130] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.132] CloseHandle (hObject=0x144) returned 1 [0102.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x298) returned 0x144 [0102.151] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.153] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.156] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.158] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.160] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.167] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.169] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.174] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.176] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.178] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.180] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.182] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.184] CloseHandle (hObject=0x144) returned 1 [0102.184] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x2c8) returned 0x144 [0102.199] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.201] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.204] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.207] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.210] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.212] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.215] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.218] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.220] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.221] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.223] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.225] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.227] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.229] CloseHandle (hObject=0x144) returned 1 [0102.341] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.364] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x2dc) returned 0x144 [0102.380] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.382] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.385] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.387] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.389] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.392] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.395] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.397] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.401] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.403] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.405] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.407] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.409] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.411] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.413] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.414] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.416] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0102.418] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.420] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0102.422] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.424] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.426] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0102.428] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0102.429] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.431] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.433] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.435] CloseHandle (hObject=0x144) returned 1 [0102.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x328) returned 0x144 [0102.448] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.450] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.452] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.455] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.460] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.463] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.465] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.467] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.469] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.471] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0102.472] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.474] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.476] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.478] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.481] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.483] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.485] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0102.487] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.489] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0102.491] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.493] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.495] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0102.497] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0102.499] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0102.501] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.505] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.508] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0102.510] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0102.512] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0102.515] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x880, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="possible.exe")) returned 1 [0102.517] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="head.exe")) returned 1 [0102.520] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="buy.exe")) returned 1 [0102.522] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation life.exe")) returned 1 [0102.525] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="group sort.exe")) returned 1 [0102.527] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="recent treat play.exe")) returned 1 [0102.529] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="participant_near.exe")) returned 1 [0102.532] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barmarriagerule.exe")) returned 1 [0102.534] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="million_for.exe")) returned 1 [0102.536] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="situation affect.exe")) returned 1 [0102.538] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="government-significant.exe")) returned 1 [0102.541] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="heat_boy_serve.exe")) returned 1 [0102.543] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fingerreduce.exe")) returned 1 [0102.545] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x928, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spendareaday.exe")) returned 1 [0102.547] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ever-music-growth.exe")) returned 1 [0102.549] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0102.551] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0102.553] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0102.555] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0102.558] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0102.561] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0102.563] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0102.565] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0102.567] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0102.569] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0102.571] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0102.574] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0102.576] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0102.579] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0102.583] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0102.586] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0102.590] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0102.593] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0102.597] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0102.600] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0102.603] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0102.607] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0102.616] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0102.619] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0102.622] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0102.625] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0102.628] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0102.631] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0102.634] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0102.638] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0102.641] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0102.644] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0102.647] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0102.753] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x848, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0102.756] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0102.760] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x850, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0102.763] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0102.766] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0102.769] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="sea.exe")) returned 1 [0102.772] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mother_hospital.exe")) returned 1 [0102.775] CloseHandle (hObject=0x144) returned 1 [0103.093] SetEvent (hEvent=0x138) returned 1 [0103.093] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x338) returned 0x144 [0103.109] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.111] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.113] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.114] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.116] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.118] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.122] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.124] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.126] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.128] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.129] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.131] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.133] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.138] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.139] CloseHandle (hObject=0x144) returned 1 [0103.140] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x36c) returned 0x144 [0103.153] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.156] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.158] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.160] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.161] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.163] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.165] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.170] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.171] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.173] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.175] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.177] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.178] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.180] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.184] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.186] CloseHandle (hObject=0x144) returned 1 [0103.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x3ac) returned 0x144 [0103.201] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.203] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.205] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.207] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.208] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.210] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.212] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.227] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.230] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.231] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.233] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.235] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.237] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.238] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.240] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.242] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.247] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.249] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.251] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.253] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.256] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.258] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0103.260] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0103.262] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.264] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0103.266] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.268] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0103.270] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0103.272] CloseHandle (hObject=0x144) returned 1 [0103.272] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x3d0) returned 0x144 [0103.291] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.292] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.294] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.296] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.301] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.303] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.305] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.307] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.309] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.312] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.313] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.315] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.317] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.319] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.324] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.327] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.329] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.332] CloseHandle (hObject=0x144) returned 1 [0103.332] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x3fc) returned 0x144 [0103.396] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.401] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.403] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.405] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.407] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.410] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.412] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.414] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.416] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.418] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.420] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.422] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.424] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.426] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.428] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.430] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.432] CloseHandle (hObject=0x144) returned 1 [0103.433] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x410) returned 0x144 [0103.446] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.448] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.451] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.453] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.455] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.457] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.459] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.464] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.467] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.469] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.471] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.473] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.475] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.478] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.480] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.482] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.484] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.487] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.489] CloseHandle (hObject=0x144) returned 1 [0103.490] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x430) returned 0x144 [0103.519] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.521] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.523] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.525] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.528] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.530] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.533] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.535] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.537] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.539] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.541] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.543] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.545] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.547] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.549] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.551] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.553] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.555] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.557] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.559] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.561] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.563] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0103.566] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0103.568] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.570] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0103.573] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.574] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0103.577] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0103.578] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0103.580] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x880, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="possible.exe")) returned 1 [0103.583] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="head.exe")) returned 1 [0103.586] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="buy.exe")) returned 1 [0103.588] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation life.exe")) returned 1 [0103.590] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="group sort.exe")) returned 1 [0103.592] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="recent treat play.exe")) returned 1 [0103.595] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="participant_near.exe")) returned 1 [0103.599] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barmarriagerule.exe")) returned 1 [0103.601] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="million_for.exe")) returned 1 [0103.603] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="situation affect.exe")) returned 1 [0103.605] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="government-significant.exe")) returned 1 [0103.607] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="heat_boy_serve.exe")) returned 1 [0103.609] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fingerreduce.exe")) returned 1 [0103.611] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x928, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spendareaday.exe")) returned 1 [0103.613] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ever-music-growth.exe")) returned 1 [0103.614] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0103.627] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0103.629] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0103.631] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0103.633] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0103.635] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0103.637] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0103.639] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0103.641] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0103.643] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0103.646] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0103.648] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0103.650] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0103.652] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0103.656] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0103.659] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0103.662] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0103.665] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0103.668] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0103.671] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0103.674] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0103.677] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0103.680] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0103.683] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0103.686] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0103.689] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0103.724] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0103.727] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0103.730] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0103.732] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0103.735] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0103.738] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0103.741] CloseHandle (hObject=0x144) returned 1 [0103.741] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x448) returned 0x144 [0103.755] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.757] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.759] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.761] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.828] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.830] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.832] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.835] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.837] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.840] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.842] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.844] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.846] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.848] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.850] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.852] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.853] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.855] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.857] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.859] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.861] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.863] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0103.865] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0103.867] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0103.869] CloseHandle (hObject=0x144) returned 1 [0103.869] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x470) returned 0x144 [0103.884] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.886] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.888] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.890] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.893] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.895] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.899] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.901] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.903] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.906] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.908] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.910] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.912] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.914] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.916] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.917] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.919] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0103.923] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.927] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0103.930] CloseHandle (hObject=0x144) returned 1 [0103.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x490) returned 0x144 [0103.958] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0103.960] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0103.962] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0103.965] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.976] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0103.978] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0103.980] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0103.982] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0103.984] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0103.986] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0103.988] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.990] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.992] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.994] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.996] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0103.998] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.000] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.004] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.006] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.008] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.010] CloseHandle (hObject=0x144) returned 1 [0104.010] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x4b0) returned 0x144 [0104.024] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.026] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.029] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.031] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.034] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.036] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.038] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.040] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.042] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.043] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.046] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.048] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.050] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.052] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.054] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.083] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.085] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.088] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.090] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.092] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.094] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.097] CloseHandle (hObject=0x144) returned 1 [0104.097] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x564) returned 0x144 [0104.113] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.115] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.117] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.119] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.121] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.123] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.125] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.127] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.129] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.131] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.133] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.135] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.137] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.139] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.141] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.143] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.145] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.147] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.151] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.153] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.155] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.158] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0104.160] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0104.162] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.164] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0104.166] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.168] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0104.170] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0104.172] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0104.174] CloseHandle (hObject=0x144) returned 1 [0104.174] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x5a4) returned 0x144 [0104.189] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.199] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.201] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.205] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.207] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.209] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.211] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.213] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.215] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.217] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.220] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.222] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.224] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.226] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.228] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.230] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.232] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.233] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.235] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.237] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.239] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.241] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0104.243] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0104.245] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.247] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0104.249] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.251] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0104.253] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0104.255] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0104.258] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x880, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="possible.exe")) returned 1 [0104.259] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="head.exe")) returned 1 [0104.261] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="buy.exe")) returned 1 [0104.263] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation life.exe")) returned 1 [0104.266] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="group sort.exe")) returned 1 [0104.268] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="recent treat play.exe")) returned 1 [0104.270] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="participant_near.exe")) returned 1 [0104.273] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barmarriagerule.exe")) returned 1 [0104.275] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="million_for.exe")) returned 1 [0104.278] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="situation affect.exe")) returned 1 [0104.280] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="government-significant.exe")) returned 1 [0104.283] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="heat_boy_serve.exe")) returned 1 [0104.285] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fingerreduce.exe")) returned 1 [0104.287] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x928, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spendareaday.exe")) returned 1 [0104.289] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ever-music-growth.exe")) returned 1 [0104.291] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0104.293] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0104.295] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0104.297] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0104.299] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0104.301] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0104.342] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0104.345] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0104.347] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0104.349] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0104.351] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0104.353] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0104.355] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0104.357] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0104.360] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0104.362] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0104.365] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0104.368] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0104.374] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0104.377] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0104.380] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0104.383] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0104.385] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0104.388] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0104.391] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0104.394] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0104.397] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0104.400] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0104.405] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0104.408] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0104.411] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0104.414] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0104.416] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0104.418] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x848, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0104.421] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0104.423] CloseHandle (hObject=0x144) returned 1 [0104.423] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x670) returned 0x144 [0104.436] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.438] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.440] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.441] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.444] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.446] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.456] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.458] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.461] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.463] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.465] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.467] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.469] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.472] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.473] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.475] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.477] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.479] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.481] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.483] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.485] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.487] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0104.489] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0104.491] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.492] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0104.494] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.496] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0104.498] CloseHandle (hObject=0x144) returned 1 [0104.498] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x778) returned 0x144 [0104.513] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.515] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.517] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.519] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.521] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.523] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.525] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.527] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.529] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.532] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.534] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.536] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.538] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.540] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.542] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.544] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.546] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0104.547] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.549] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0104.551] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0104.553] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.555] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0104.557] CloseHandle (hObject=0x144) returned 1 [0104.557] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0104.558] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x7b4) returned 0x144 [0104.613] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0104.615] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x54, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0104.617] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0104.619] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.621] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0104.623] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0104.625] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0104.627] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0104.629] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0104.631] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0104.632] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.634] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.636] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.638] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.639] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.641] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0104.643] Process32NextW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0107.249] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0107.250] CloseHandle (hObject=0x144) returned 1 [0107.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x8d4) returned 0x144 [0107.263] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.648] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0113.650] CloseHandle (hObject=0x144) returned 1 [0113.651] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0xd7c) returned 0x144 [0113.669] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.938] CloseHandle (hObject=0x144) returned 1 [0113.938] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0xd8c) returned 0x144 [0113.955] Process32FirstW (in: hSnapshot=0x144, lppe=0xc00011f8d0 | out: lppe=0xc00011f8d0*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0114.269] GetCurrentProcess () returned 0xffffffffffffffff [0114.291] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0xc00011f968 | out: TokenHandle=0xc00011f968*=0x144) returned 1 [0114.292] GetProcAddress (hModule=0x7feff870000, lpProcName="GetTokenInformation") returned 0x7feff88bd50 [0114.293] GetTokenInformation (in: TokenHandle=0x144, TokenInformationClass=0x1, TokenInformation=0xc0000a3d80, TokenInformationLength=0x32, ReturnLength=0xc00011f944 | out: TokenInformation=0xc0000a3d80, ReturnLength=0xc00011f944) returned 1 [0114.294] GetTokenInformation (in: TokenHandle=0x144, TokenInformationClass=0x5, TokenInformation=0xc0000a3dc0, TokenInformationLength=0x32, ReturnLength=0xc00011f944 | out: TokenInformation=0xc0000a3dc0, ReturnLength=0xc00011f944) returned 1 [0114.336] GetProcAddress (hModule=0x7feff870000, lpProcName="ConvertSidToStringSidW") returned 0x7feff88bf70 [0114.336] ConvertSidToStringSidW (in: Sid=0xc0000a3d90*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0xc00011f940 | out: StringSid=0xc00011f940*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0114.337] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0114.358] GetProcAddress (hModule=0x77660000, lpProcName="LocalFree") returned 0x77673c40 [0114.358] LocalFree (hMem=0x4b6050) returned 0x0 [0114.359] ConvertSidToStringSidW (in: Sid=0xc0000a3dc8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0xc00011f940 | out: StringSid=0xc00011f940*="S-1-5-21-4219442223-4223814209-3835049652-513") returned 1 [0114.359] LocalFree (hMem=0x4b6050) returned 0x0 [0114.404] LoadLibraryExW (lpLibFileName="userenv.dll", hFile=0x0, dwFlags=0x800) returned 0x7fefcb70000 [0114.432] GetProcAddress (hModule=0x7fefcb70000, lpProcName="GetUserProfileDirectoryW") returned 0x7fefcb71bf0 [0114.432] GetUserProfileDirectoryW () returned 0x1 [0114.437] GetProcAddress (hModule=0x7feff870000, lpProcName="LookupAccountSidW") returned 0x7feff88b898 [0114.437] LookupAccountSidW (in: lpSystemName=0x0, Sid=0xc0000a3d90*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0xc0001580e0, cchName=0xc00011f8c8, ReferencedDomainName=0xc000158150, cchReferencedDomainName=0xc00011f8c4, peUse=0xc00011f8c0 | out: Name="kEecfMwgj", cchName=0xc00011f8c8, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0xc00011f8c4, peUse=0xc00011f8c0) returned 1 [0114.453] LoadLibraryExW (lpLibFileName="netapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x7fefba20000 [0114.481] GetProcAddress (hModule=0x7fefba20000, lpProcName="NetGetJoinInformation") returned 0x7fefb9f19bc [0114.482] NetGetJoinInformation (in: lpServer=0x0, lpNameBuffer=0xc00011f8d0, BufferType=0xc00011f8cc | out: lpNameBuffer=0xc00011f8d0*="WORKGROUP", BufferType=0xc00011f8cc) returned 0x0 [0114.500] GetProcAddress (hModule=0x7fefba20000, lpProcName="NetApiBufferFree") returned 0x7fefba11010 [0114.500] NetApiBufferFree (Buffer=0x4b2be0) returned 0x0 [0114.500] GetProcAddress (hModule=0x7fefba20000, lpProcName="NetUserGetInfo") returned 0x7fefb9d1354 [0114.510] NetUserGetInfo (in: servername="Q9IATRKPRH", username="kEecfMwgj", level=0xa, bufptr=0xc00011f898 | out: bufptr=0x4aa500*(usri10_name="kEecfMwgj", usri10_comment="", usri10_usr_comment="", usri10_full_name="")) returned 0x0 [0114.559] NetApiBufferFree (Buffer=0x4aa500) returned 0x0 [0114.580] CloseHandle (hObject=0x144) returned 1 [0114.626] GetProcAddress (hModule=0x7feff870000, lpProcName="RegOpenKeyExW") returned 0x7feff8906f0 [0114.699] SetEvent (hEvent=0x138) returned 1 [0114.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x101, phkResult=0xc00011fa98 | out: phkResult=0xc00011fa98*=0x18c) returned 0x0 [0114.700] GetProcAddress (hModule=0x7feff870000, lpProcName="RegQueryValueExW") returned 0x7feff88c2d0 [0114.700] RegQueryValueExW (in: hKey=0x18c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0xc00011f9e4, lpData=0xc00011fa68, lpcbData=0xc00011f9e0*=0x40 | out: lpType=0xc00011f9e4*=0x1, lpData=0xc00011fa68*=0x0, lpcbData=0xc00011f9e0*=0x4a) returned 0xea [0114.722] RegQueryValueExW (in: hKey=0x18c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0xc00011f9e4, lpData=0xc0000a6e10, lpcbData=0xc00011f9e0*=0x4a | out: lpType=0xc00011f9e4*=0x1, lpData="b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6", lpcbData=0xc00011f9e0*=0x4a) returned 0x0 [0114.722] GetProcAddress (hModule=0x7feff870000, lpProcName="RegCloseKey") returned 0x7feff890710 [0114.722] RegCloseKey (hKey=0x18c) returned 0x0 [0114.856] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc0000f76c0, nSize=0x64 | out: lpBuffer="") returned 0x35 [0114.856] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0114.857] VirtualAlloc (lpAddress=0xc000170000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000170000 [0114.858] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0114.858] GetEnvironmentVariableW (in: lpName="NoDefaultCurrentDirectoryInExePath", lpBuffer=0xc0000f7790, nSize=0x64 | out: lpBuffer="") returned 0x0 [0114.965] GetProcAddress (hModule=0x77660000, lpProcName="GetFileAttributesExW") returned 0x7766ac40 [0114.965] GetFileAttributesExW (in: lpFileName="wmic.com" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.966] GetProcAddress (hModule=0x77660000, lpProcName="CreateFileW") returned 0x77670d10 [0114.967] CreateFileW (lpFileName="wmic.com" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.988] GetFileAttributesExW (in: lpFileName="wmic.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.988] CreateFileW (lpFileName="wmic.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.989] GetFileAttributesExW (in: lpFileName="wmic.bat" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.989] CreateFileW (lpFileName="wmic.bat" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.989] GetFileAttributesExW (in: lpFileName="wmic.cmd" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.989] CreateFileW (lpFileName="wmic.cmd" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.989] GetFileAttributesExW (in: lpFileName="wmic.vbs" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.990] CreateFileW (lpFileName="wmic.vbs" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.990] GetFileAttributesExW (in: lpFileName="wmic.vbe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.990] CreateFileW (lpFileName="wmic.vbe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.990] GetFileAttributesExW (in: lpFileName="wmic.js" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.990] CreateFileW (lpFileName="wmic.js" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.991] GetFileAttributesExW (in: lpFileName="wmic.jse" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.991] CreateFileW (lpFileName="wmic.jse" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.991] GetFileAttributesExW (in: lpFileName="wmic.wsf" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.991] CreateFileW (lpFileName="wmic.wsf" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.991] GetFileAttributesExW (in: lpFileName="wmic.wsh" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.992] CreateFileW (lpFileName="wmic.wsh" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.992] GetFileAttributesExW (in: lpFileName="wmic.msc" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0114.992] CreateFileW (lpFileName="wmic.msc" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0114.992] GetEnvironmentVariableW (in: lpName="path", lpBuffer=0xc0000f7860, nSize=0x64 | out: lpBuffer="") returned 0xc9 [0114.992] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0114.996] GetEnvironmentVariableW (in: lpName="path", lpBuffer=0xc000174000, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0114.996] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0114.996] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0114.997] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.com" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.001] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.com" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.exe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.001] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.exe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.001] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.bat" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.bat" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.002] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.cmd" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.cmd" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.002] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbs" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbs" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.003] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.js" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.004] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.js" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.jse" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.004] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.jse" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsf" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsf" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsh" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsh" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.msc" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.msc" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.006] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.com" (normalized: "c:\\windows\\system32\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.006] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.com" (normalized: "c:\\windows\\system32\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.006] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.exe" (normalized: "c:\\windows\\system32\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.007] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.exe" (normalized: "c:\\windows\\system32\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.007] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.bat" (normalized: "c:\\windows\\system32\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.007] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.bat" (normalized: "c:\\windows\\system32\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.007] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.cmd" (normalized: "c:\\windows\\system32\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.007] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.cmd" (normalized: "c:\\windows\\system32\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.007] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.vbs" (normalized: "c:\\windows\\system32\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.008] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.vbs" (normalized: "c:\\windows\\system32\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.008] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.vbe" (normalized: "c:\\windows\\system32\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.008] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.vbe" (normalized: "c:\\windows\\system32\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.008] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.js" (normalized: "c:\\windows\\system32\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.008] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.js" (normalized: "c:\\windows\\system32\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.009] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.jse" (normalized: "c:\\windows\\system32\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.009] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.jse" (normalized: "c:\\windows\\system32\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.009] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.wsf" (normalized: "c:\\windows\\system32\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.009] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.wsf" (normalized: "c:\\windows\\system32\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.009] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.wsh" (normalized: "c:\\windows\\system32\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.010] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.wsh" (normalized: "c:\\windows\\system32\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.msc" (normalized: "c:\\windows\\system32\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.010] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.msc" (normalized: "c:\\windows\\system32\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.com" (normalized: "c:\\windows\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.011] CreateFileW (lpFileName="C:\\Windows\\wmic.com" (normalized: "c:\\windows\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.exe" (normalized: "c:\\windows\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.011] CreateFileW (lpFileName="C:\\Windows\\wmic.exe" (normalized: "c:\\windows\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.011] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.bat" (normalized: "c:\\windows\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.011] CreateFileW (lpFileName="C:\\Windows\\wmic.bat" (normalized: "c:\\windows\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.cmd" (normalized: "c:\\windows\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.012] CreateFileW (lpFileName="C:\\Windows\\wmic.cmd" (normalized: "c:\\windows\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.vbs" (normalized: "c:\\windows\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.012] CreateFileW (lpFileName="C:\\Windows\\wmic.vbs" (normalized: "c:\\windows\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.012] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.vbe" (normalized: "c:\\windows\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.012] CreateFileW (lpFileName="C:\\Windows\\wmic.vbe" (normalized: "c:\\windows\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.js" (normalized: "c:\\windows\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.013] CreateFileW (lpFileName="C:\\Windows\\wmic.js" (normalized: "c:\\windows\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.jse" (normalized: "c:\\windows\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.013] CreateFileW (lpFileName="C:\\Windows\\wmic.jse" (normalized: "c:\\windows\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.wsf" (normalized: "c:\\windows\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.014] CreateFileW (lpFileName="C:\\Windows\\wmic.wsf" (normalized: "c:\\windows\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.014] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.wsh" (normalized: "c:\\windows\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.014] CreateFileW (lpFileName="C:\\Windows\\wmic.wsh" (normalized: "c:\\windows\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.014] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.msc" (normalized: "c:\\windows\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.014] CreateFileW (lpFileName="C:\\Windows\\wmic.msc" (normalized: "c:\\windows\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.com" (normalized: "c:\\windows\\system32\\wbem\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0115.015] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\wmic.com" (normalized: "c:\\windows\\system32\\wbem\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4f0 | out: lpFileInformation=0xc00011f4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5694022d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x5694022d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xfd50fc30, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x8a400)) returned 1 [0115.144] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc0000f7a00, nSize=0x64 | out: lpBuffer="") returned 0x35 [0115.144] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0115.145] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f298 | out: lpFileInformation=0xc00011f298*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5694022d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x5694022d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xfd50fc30, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x8a400)) returned 1 [0115.188] CreateFileW (lpFileName="NUL" (normalized: "\\device\\null"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0x18c [0115.210] GetConsoleMode (in: hConsoleHandle=0x18c, lpMode=0xc00011f6c4 | out: lpMode=0xc00011f6c4) returned 0 [0115.211] GetFileType (hFile=0x18c) returned 0x2 [0115.263] GetProcAddress (hModule=0x77660000, lpProcName="CreatePipe") returned 0x776643f0 [0115.263] CreatePipe (in: hReadPipe=0xc00011f718, hWritePipe=0xc00011f720, lpPipeAttributes=0xc00011f728, nSize=0x0 | out: hReadPipe=0xc00011f718*=0x194, hWritePipe=0xc00011f720*=0x198) returned 1 [0115.330] GetProcAddress (hModule=0x77660000, lpProcName="GetEnvironmentStringsW") returned 0x776761c0 [0115.330] GetEnvironmentStringsW () returned 0x4bdfc0* [0115.330] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0115.331] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0115.393] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0115.394] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0115.417] GetProcAddress (hModule=0x77660000, lpProcName="FreeEnvironmentStringsW") returned 0x776761a0 [0115.417] FreeEnvironmentStringsW (penv=0x4bdfc0) returned 1 [0115.417] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x77880000 [0115.418] GetProcAddress (hModule=0x77880000, lpProcName="RtlGetNtVersionNumbers") returned 0x778c5160 [0115.418] RtlGetNtVersionNumbers () returned 0x778c5160 [0115.418] GetCurrentProcess () returned 0xffffffffffffffff [0115.418] GetProcAddress (hModule=0x77660000, lpProcName="DuplicateHandle") returned 0x776751b0 [0115.418] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x18c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0001606a8, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0001606a8*=0x19c) returned 1 [0115.418] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x198, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0001606b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0001606b0*=0x1a0) returned 1 [0115.418] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x198, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0001606b8, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0001606b8*=0x1a4) returned 1 [0115.442] GetProcAddress (hModule=0x77660000, lpProcName="InitializeProcThreadAttributeList") returned 0x7fefd935910 [0115.442] InitializeProcThreadAttributeList (in: lpAttributeList=0x0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0xc00011f450 | out: lpAttributeList=0x0, lpSize=0xc00011f450) returned 0 [0115.443] InitializeProcThreadAttributeList (in: lpAttributeList=0xc0000a7720, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0xc00011f450 | out: lpAttributeList=0xc0000a7720, lpSize=0xc00011f450) returned 1 [0115.443] GetProcAddress (hModule=0x77660000, lpProcName="UpdateProcThreadAttribute") returned 0x7fefd935990 [0115.443] UpdateProcThreadAttribute (in: lpAttributeList=0xc0000a7720, dwFlags=0x0, Attribute=0x20002, lpValue=0xc0001606a8, cbSize=0x18, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc0000a7720, lpPreviousValue=0x0) returned 1 [0115.443] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0115.443] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0115.444] VirtualAlloc (lpAddress=0xc00018c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018c000 [0115.445] GetProcAddress (hModule=0x77660000, lpProcName="CreateProcessW") returned 0x77680660 [0115.445] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\wmic.exe", lpCommandLine="wmic cpu get name", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80400, lpEnvironment=0xc00018c000, lpCurrentDirectory=0x0, lpStartupInfo=0xc00011f670*(cb=0x70, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x19c, hStdOutput=0x1a0, hStdError=0x1a4), lpProcessInformation=0xc00011f550 | out: lpCommandLine="wmic cpu get name", lpProcessInformation=0xc00011f550*(hProcess=0x1ac, hThread=0x1a8, dwProcessId=0xdec, dwThreadId=0xdf0)) returned 1 [0115.478] CloseHandle (hObject=0x1a8) returned 1 [0115.478] GetProcAddress (hModule=0x77660000, lpProcName="DeleteProcThreadAttributeList") returned 0x7fefd932c70 [0115.479] DeleteProcThreadAttributeList (in: lpAttributeList=0xc0000a7720 | out: lpAttributeList=0xc0000a7720) [0115.479] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1a4, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0115.479] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1a0, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0115.479] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0115.738] SetEvent (hEvent=0xbc) returned 1 [0116.185] GetProcAddress (hModule=0x77660000, lpProcName="ReadFile") returned 0x776709a0 [0116.185] ReadFile (in: hFile=0x194, lpBuffer=0xc000052200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047cfc, lpOverlapped=0x0 | out: lpBuffer=0xc000052200*, lpNumberOfBytesRead=0xc000047cfc*=0x2c, lpOverlapped=0x0) returned 1 [0119.395] SetEvent (hEvent=0x138) returned 1 [0119.395] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0119.396] ReadFile (in: hFile=0x194, lpBuffer=0xc00005e02c, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc000047cfc, lpOverlapped=0x0 | out: lpBuffer=0xc00005e02c*, lpNumberOfBytesRead=0xc000047cfc*=0x2f, lpOverlapped=0x0) returned 1 [0119.396] ReadFile (in: hFile=0x194, lpBuffer=0xc00005e05b, nNumberOfBytesToRead=0x3a5, lpNumberOfBytesRead=0xc000047cfc, lpOverlapped=0x0 | out: lpBuffer=0xc00005e05b, lpNumberOfBytesRead=0xc000047cfc*=0x0, lpOverlapped=0x0) returned 0 [0119.784] SetEvent (hEvent=0x138) returned 1 [0119.784] CancelIoEx (hFile=0x194, lpOverlapped=0x0) returned 0 [0119.785] CloseHandle (hObject=0x194) returned 1 [0119.785] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0119.901] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0119.942] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0119.949] ReadFile (in: hFile=0x19c, lpBuffer=0xc000052400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000041cfc, lpOverlapped=0x0 | out: lpBuffer=0xc000052400*, lpNumberOfBytesRead=0xc000041cfc*=0x20, lpOverlapped=0x0) returned 1 [0122.080] SetEvent (hEvent=0x138) returned 1 [0122.106] ReadFile (in: hFile=0x19c, lpBuffer=0xc00005e420, nNumberOfBytesToRead=0x3e0, lpNumberOfBytesRead=0xc000041cfc, lpOverlapped=0x0 | out: lpBuffer=0xc00005e420*, lpNumberOfBytesRead=0xc000041cfc*=0x23, lpOverlapped=0x0) returned 1 [0122.107] ReadFile (in: hFile=0x19c, lpBuffer=0xc00005e443, nNumberOfBytesToRead=0x3bd, lpNumberOfBytesRead=0xc000041cfc, lpOverlapped=0x0 | out: lpBuffer=0xc00005e443, lpNumberOfBytesRead=0xc000041cfc*=0x0, lpOverlapped=0x0) returned 0 [0122.407] SetEvent (hEvent=0x138) returned 1 [0122.407] CancelIoEx (hFile=0x19c, lpOverlapped=0x0) returned 0 [0122.407] CloseHandle (hObject=0x19c) returned 1 [0122.407] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0122.415] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0122.545] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0123.529] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0123.636] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x32ecf0, ulCount=0x10, ulNumEntriesRemoved=0x32ecc4, dwMilliseconds=0x7527, fAlertable=0 | out: lpCompletionPortEntries=0x32ecf0, ulNumEntriesRemoved=0x32ecc4) returned 1 [0129.095] WSAGetOverlappedResult (in: s=0x1c0, lpOverlapped=0xc0002480e8, lpcbTransfer=0x32ecc0, fWait=0, lpdwFlags=0x32eccc | out: lpcbTransfer=0x32ecc0, lpdwFlags=0x32eccc) returned 1 [0129.096] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x32ecf0, ulCount=0x10, ulNumEntriesRemoved=0x32ecc4, dwMilliseconds=0x6be7, fAlertable=0 | out: lpCompletionPortEntries=0x32ecf0, ulNumEntriesRemoved=0x32ecc4) returned 1 [0130.639] WSAGetOverlappedResult (in: s=0x1c0, lpOverlapped=0xc000248018, lpcbTransfer=0x32ecc0, fWait=0, lpdwFlags=0x32eccc | out: lpcbTransfer=0x32ecc0, lpdwFlags=0x32eccc) returned 1 [0130.755] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x27830000 [0130.756] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0130.757] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0130.916] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0130.917] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0130.917] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0130.918] VirtualAlloc (lpAddress=0xc00028a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028a000 [0130.991] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0130.991] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0130.991] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0131.015] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0131.015] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0131.036] VirtualAlloc (lpAddress=0xc00029c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029c000 [0131.039] VirtualAlloc (lpAddress=0xc00029e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029e000 [0131.040] VirtualAlloc (lpAddress=0xc0002a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a0000 [0131.040] VirtualAlloc (lpAddress=0xc0002a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a2000 [0131.041] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0131.042] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0131.170] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0131.196] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0131.218] SetEvent (hEvent=0x1e0) returned 1 [0131.218] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0131.407] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0131.449] SetEvent (hEvent=0xbc) returned 1 [0131.537] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0131.538] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0131.538] PostQueuedCompletionStatus (CompletionPort=0x1ac, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0131.538] SetEvent (hEvent=0xbc) returned 1 [0131.539] SetEvent (hEvent=0x138) returned 1 [0131.539] WSARecv (in: s=0x1c0, lpBuffers=0xc000248058, dwBufferCount=0x1, lpNumberOfBytesRecvd=0xc000248048, lpFlags=0xc0002480c8*=0x0, lpOverlapped=0xc000248018, lpCompletionRoutine=0x0 | out: lpBuffers=0xc000248058*=((len=0x1000, buf=0xc00024a000)), lpNumberOfBytesRecvd=0xc000248048*=0x2eb, lpFlags=0xc0002480c8*=0x0, lpOverlapped=0xc000248018) returned 0xffffffff [0132.258] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0132.279] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xc0002b6000, nSize=0x64 | out: lpBuffer="") returned 0x24 [0132.300] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0132.429] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0132.430] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\system.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\system.txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d0 [0132.460] GetConsoleMode (in: hConsoleHandle=0x1d0, lpMode=0xc00011f914 | out: lpMode=0xc00011f914) returned 0 [0132.461] GetFileType (hFile=0x1d0) returned 0x1 [0132.461] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0132.485] GetProcAddress (hModule=0x77660000, lpProcName="WriteFile") returned 0x77681f80 [0132.485] WriteFile (in: hFile=0x1d0, lpBuffer=0x13f9fbb68*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0x13f9fbb68*, lpNumberOfBytesWritten=0xc00011f8d4*=0x1, lpOverlapped=0x0) returned 1 [0132.489] WriteFile (in: hFile=0x1d0, lpBuffer=0xc000298240*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc000298240*, lpNumberOfBytesWritten=0xc00011f8d4*=0x1f, lpOverlapped=0x0) returned 1 [0132.490] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a60c0*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a60c0*, lpNumberOfBytesWritten=0xc00011f8d4*=0x22, lpOverlapped=0x0) returned 1 [0132.490] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a60f0*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a60f0*, lpNumberOfBytesWritten=0xc00011f8d4*=0x25, lpOverlapped=0x0) returned 1 [0132.490] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6120*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6120*, lpNumberOfBytesWritten=0xc00011f8d4*=0x25, lpOverlapped=0x0) returned 1 [0132.510] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6150*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6150*, lpNumberOfBytesWritten=0xc00011f8d4*=0x25, lpOverlapped=0x0) returned 1 [0132.511] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6180*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6180*, lpNumberOfBytesWritten=0xc00011f8d4*=0x24, lpOverlapped=0x0) returned 1 [0132.535] WriteFile (in: hFile=0x1d0, lpBuffer=0xc000298260*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc000298260*, lpNumberOfBytesWritten=0xc00011f8d4*=0x1f, lpOverlapped=0x0) returned 1 [0132.535] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0132.536] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a61b0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a61b0*, lpNumberOfBytesWritten=0xc00011f8d4*=0x2f, lpOverlapped=0x0) returned 1 [0132.536] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0132.537] WriteFile (in: hFile=0x1d0, lpBuffer=0xc00029a090*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc00029a090*, lpNumberOfBytesWritten=0xc00011f8d4*=0x15, lpOverlapped=0x0) returned 1 [0132.537] WriteFile (in: hFile=0x1d0, lpBuffer=0xc000282540*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc000282540*, lpNumberOfBytesWritten=0xc00011f8d4*=0xf, lpOverlapped=0x0) returned 1 [0132.537] WriteFile (in: hFile=0x1d0, lpBuffer=0xc00029a0a8*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc00029a0a8*, lpNumberOfBytesWritten=0xc00011f8d4*=0x17, lpOverlapped=0x0) returned 1 [0132.559] WriteFile (in: hFile=0x1d0, lpBuffer=0xc00029a0c0*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc00029a0c0*, lpNumberOfBytesWritten=0xc00011f8d4*=0x18, lpOverlapped=0x0) returned 1 [0132.559] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6210*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6210*, lpNumberOfBytesWritten=0xc00011f8d4*=0x2b, lpOverlapped=0x0) returned 1 [0132.559] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6240*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6240*, lpNumberOfBytesWritten=0xc00011f8d4*=0x2e, lpOverlapped=0x0) returned 1 [0132.560] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a6270*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6270*, lpNumberOfBytesWritten=0xc00011f8d4*=0x30, lpOverlapped=0x0) returned 1 [0132.560] WriteFile (in: hFile=0x1d0, lpBuffer=0xc0002a62a0*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0xc00011f8d4, lpOverlapped=0x0 | out: lpBuffer=0xc0002a62a0*, lpNumberOfBytesWritten=0xc00011f8d4*=0x24, lpOverlapped=0x0) returned 1 [0132.560] CloseHandle (hObject=0x1d0) returned 1 [0132.691] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0132.718] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\iPwonTCGCC", ulOptions=0x0, samDesired=0xf003f, phkResult=0xc00011fbb0 | out: phkResult=0xc00011fbb0*=0x0) returned 0x2 [0132.801] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0132.866] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feff870000 [0132.886] GetProcAddress (hModule=0x7feff870000, lpProcName="RegCreateKeyExW") returned 0x7feff88b520 [0132.887] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\iPwonTCGCC", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0xc00011fbb0, lpdwDisposition=0xc00011fba8 | out: phkResult=0xc00011fbb0*=0x1e8, lpdwDisposition=0xc00011fba8*=0x1) returned 0x0 [0132.889] GetProcAddress (hModule=0x7feff870000, lpProcName="RegSetValueExW") returned 0x7feff881ed0 [0132.889] RegSetValueExW (in: hKey=0x1e8, lpValueName="ID", Reserved=0x0, dwType=0x1, lpData="cM5o6GeI", cbData=0x12 | out: lpData="cM5o6GeI") returned 0x0 [0132.890] RegCloseKey (hKey=0x1e8) returned 0x0 [0132.934] GetProcAddress (hModule=0x77660000, lpProcName="CreateDirectoryW") returned 0x7766a210 [0132.935] CreateDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies"), lpSecurityAttributes=0x0) returned 1 [0133.019] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b60d0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.060] VirtualAlloc (lpAddress=0xc0002c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c8000 [0133.061] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.061] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0133.062] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.062] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b61a0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.062] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.063] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.063] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6270, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.084] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.084] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0133.085] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.085] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6340, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.106] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.107] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0133.107] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.107] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b64e0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.108] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.108] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.154] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6680, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.154] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.154] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0133.155] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.155] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6750, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.155] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.156] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.156] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6820, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.156] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.156] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.156] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b68f0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.156] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome SxS\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome sxs\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome sxs\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.157] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b69c0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.158] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6b60, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.158] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.158] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.158] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6c30, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.158] VirtualAlloc (lpAddress=0xc0002d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d2000 [0133.159] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.159] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.160] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6d00, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.160] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.160] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.163] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6dd0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.163] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.164] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.164] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b6f70, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.164] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.165] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data\\Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.165] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b7110, nSize=0x64 | out: lpBuffer="") returned 0x12 [0133.185] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.236] VirtualAlloc (lpAddress=0xc0002d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d4000 [0133.237] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0002d4000 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0133.258] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002b72b0, nSize=0x64 | out: lpBuffer="") returned 0x22 [0133.299] VirtualAlloc (lpAddress=0xc0002d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d6000 [0133.366] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.470] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x3, dwLanguageId=0x409, lpBuffer=0xc00011eed0, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the path specified.\r\n") returned 0x2c [0133.470] VirtualAlloc (lpAddress=0xc0002d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d8000 [0133.492] GetProcAddress (hModule=0x77660000, lpProcName="WriteConsoleW") returned 0x776731e0 [0133.492] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002ca7e0*, nNumberOfCharsToWrite=0x8d, lpNumberOfCharsWritten=0xc00011f2f8, lpReserved=0x0 | out: lpBuffer=0xc0002ca7e0*, lpNumberOfCharsWritten=0xc00011f2f8*=0x8d) returned 1 [0133.519] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xc0002d4240 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0133.547] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discord/Local Storage/leveldb/" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discord\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.547] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discord/Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discord\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discordptb/Local Storage/leveldb/" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discordptb\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discordptb/Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discordptb\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discordcanary/Local Storage/leveldb/" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discordcanary\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming/discordcanary/Local State" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discordcanary\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002ac0e0*, nNumberOfCharsToWrite=0x32, lpNumberOfCharsWritten=0xc00011f668, lpReserved=0x0 | out: lpBuffer=0xc0002ac0e0*, lpNumberOfCharsWritten=0xc00011f668*=0x32) returned 1 [0133.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\exodus"), fInfoLevelId=0x0, lpFileInformation=0xc00011f798 | out: lpFileInformation=0xc00011f798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.619] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\exodus"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coinomi" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coinomi"), fInfoLevelId=0x0, lpFileInformation=0xc00011f798 | out: lpFileInformation=0xc00011f798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.651] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coinomi" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coinomi"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero" (normalized: "c:\\users\\keecfmwgj\\documents\\monero"), fInfoLevelId=0x0, lpFileInformation=0xc00011f798 | out: lpFileInformation=0xc00011f798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.652] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero" (normalized: "c:\\users\\keecfmwgj\\documents\\monero"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic"), fInfoLevelId=0x0, lpFileInformation=0xc00011f798 | out: lpFileInformation=0xc00011f798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.653] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\electrum"), fInfoLevelId=0x0, lpFileInformation=0xc00011f798 | out: lpFileInformation=0xc00011f798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.654] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\electrum"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.694] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x77660000 [0133.694] GetProcAddress (hModule=0x77660000, lpProcName="CreateToolhelp32Snapshot") returned 0x77661c10 [0133.695] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1e8 [0133.706] GetProcAddress (hModule=0x77660000, lpProcName="Process32FirstW") returned 0x77661910 [0133.706] Process32FirstW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.708] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0133.709] GetProcAddress (hModule=0x77660000, lpProcName="Process32NextW") returned 0x77661b20 [0133.709] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x55, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.711] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.713] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.716] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.718] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.720] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.722] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.725] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.727] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0133.729] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.734] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.736] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.739] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.742] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.745] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.747] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.749] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.752] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x470, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.757] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.759] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.762] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x76c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.764] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0133.766] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.769] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.771] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x2dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.774] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.776] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.778] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.781] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x880, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="possible.exe")) returned 1 [0133.783] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="head.exe")) returned 1 [0133.784] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="buy.exe")) returned 1 [0133.786] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation life.exe")) returned 1 [0133.788] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="group sort.exe")) returned 1 [0133.790] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="recent treat play.exe")) returned 1 [0133.794] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="participant_near.exe")) returned 1 [0133.797] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barmarriagerule.exe")) returned 1 [0133.799] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="million_for.exe")) returned 1 [0133.812] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="situation affect.exe")) returned 1 [0133.815] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="government-significant.exe")) returned 1 [0133.817] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="heat_boy_serve.exe")) returned 1 [0133.820] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fingerreduce.exe")) returned 1 [0133.822] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x928, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spendareaday.exe")) returned 1 [0133.824] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ever-music-growth.exe")) returned 1 [0133.827] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.829] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xaf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.833] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.835] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.837] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.839] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.841] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.844] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0133.844] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.847] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.849] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.851] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.854] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.857] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.859] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.862] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.866] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.869] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.872] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.876] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.879] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.883] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.886] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.888] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.891] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.894] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.897] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.900] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.904] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.907] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.910] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.913] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.917] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x430, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.921] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x80c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.924] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x848, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.928] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.934] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x850, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.938] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.940] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.942] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="sea.exe")) returned 1 [0133.945] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mother_hospital.exe")) returned 1 [0133.947] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.950] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.952] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.955] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.957] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xa40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.960] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.963] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.965] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.968] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecuriteInfo.com.Trojan-PSW.Agent.26016.exe")) returned 1 [0133.970] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0133.973] Process32NextW (in: hSnapshot=0x1e8, lppe=0xc0002d4480 | out: lppe=0xc0002d4480*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0133.976] GetProcAddress (hModule=0x77660000, lpProcName="CloseHandle") returned 0x77681960 [0133.976] CloseHandle (hObject=0x1e8) returned 1 [0134.003] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0xc0002b7380, nSize=0x64 | out: lpBuffer="") returned 0x20 [0134.003] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0134.004] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0134.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\exodus" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\exodus"), fInfoLevelId=0x0, lpFileInformation=0xc00011f848 | out: lpFileInformation=0xc00011f848*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.005] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\exodus" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\exodus"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.005] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f440, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0134.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002ba180*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0xc00011f4f8, lpReserved=0x0 | out: lpBuffer=0xc0002ba180*, lpNumberOfCharsWritten=0xc00011f4f8*=0x5f) returned 1 [0134.087] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cM5o6GeI.zip" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cm5o6gei.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0134.089] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc00011ed1c | out: lpMode=0xc00011ed1c) returned 0 [0134.091] GetFileType (hFile=0x1e8) returned 0x1 [0134.091] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0134.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.092] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.092] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.092] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.093] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.093] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.094] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\system.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\system.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011eac0 | out: lpFileInformation=0xc00011eac0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9a2a0c80, ftCreationTime.dwHighDateTime=0x1da5d2f, ftLastAccessTime.dwLowDateTime=0x9a2a0c80, ftLastAccessTime.dwHighDateTime=0x1da5d2f, ftLastWriteTime.dwLowDateTime=0x9a2f8ac0, ftLastWriteTime.dwHighDateTime=0x1da5d2f, nFileSizeHigh=0x0, nFileSizeLow=0x223)) returned 1 [0134.094] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0134.117] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\system.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\system.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0x1ec [0134.117] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00011ec94 | out: lpMode=0xc00011ec94) returned 0 [0134.118] GetFileType (hFile=0x1ec) returned 0x1 [0134.208] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0134.271] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0134.293] VirtualAlloc (lpAddress=0xc000300000, dwSize=0xa2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0134.332] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0134.332] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0134.333] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0134.334] VirtualAlloc (lpAddress=0xc0003a2000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a2000 [0134.335] VirtualAlloc (lpAddress=0xc0003b2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b2000 [0134.337] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0134.340] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002f2000, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xc00011ebdc, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesRead=0xc00011ebdc*=0x223, lpOverlapped=0x0) returned 1 [0134.385] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002f2000, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xc00011ebdc, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesRead=0xc00011ebdc*=0x0, lpOverlapped=0x0) returned 1 [0134.385] CloseHandle (hObject=0x1ec) returned 1 [0134.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\intentlauncher\\launcherconfig" (normalized: "c:\\users\\keecfmwgj\\intentlauncher\\launcherconfig"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.389] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\intentlauncher\\launcherconfig" (normalized: "c:\\users\\keecfmwgj\\intentlauncher\\launcherconfig"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\.lunarclient\\settings\\game\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\.lunarclient\\settings\\game\\accounts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.389] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\.lunarclient\\settings\\game\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\.lunarclient\\settings\\game\\accounts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\TlauncherProfiles.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\tlauncherprofiles.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.390] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\TlauncherProfiles.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\tlauncherprofiles.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.feather\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.feather\\accounts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.390] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.feather\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.feather\\accounts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\meteor-client\\accounts.nbt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\meteor-client\\accounts.nbt"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.391] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\meteor-client\\accounts.nbt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\meteor-client\\accounts.nbt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Impact\\alts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\impact\\alts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.391] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Impact\\alts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\impact\\alts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Novoline\\alts.novo" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\novoline\\alts.novo"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.392] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Novoline\\alts.novo" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\novoline\\alts.novo"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\launcher_accounts_microsoft_store.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\launcher_accounts_microsoft_store.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.392] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\launcher_accounts_microsoft_store.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\launcher_accounts_microsoft_store.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Rise\\alts.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\rise\\alts.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.393] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.minecraft\\Rise\\alts.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.minecraft\\rise\\alts.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\intentlauncher\\Rise\\alts.txt" (normalized: "c:\\users\\keecfmwgj\\intentlauncher\\rise\\alts.txt"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.393] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\intentlauncher\\Rise\\alts.txt" (normalized: "c:\\users\\keecfmwgj\\intentlauncher\\rise\\alts.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\paladium-group\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\paladium-group\\accounts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.394] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\paladium-group\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\paladium-group\\accounts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PolyMC\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\polymc\\accounts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.394] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PolyMC\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\polymc\\accounts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Badlion Client\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\badlion client\\accounts.json"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.395] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Badlion Client\\accounts.json" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\badlion client\\accounts.json"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.395] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002b7860, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\exodus\\exodus.wallet"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.416] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\exodus\\exodus.wallet"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.416] GetEnvironmentVariableW (in: lpName="LOCALAPPDATA", lpBuffer=0xc0002b7930, nSize=0x64 | out: lpBuffer="") returned 0x20 [0134.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\coinomi\\coinomi\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coinomi\\coinomi\\wallets"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.416] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\coinomi\\coinomi\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coinomi\\coinomi\\wallets"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.416] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002b7a00, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Tox" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\tox"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.417] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Tox" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\tox"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.417] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0002b7ad0, nSize=0x64 | out: lpBuffer="") returned 0x12 [0134.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets" (normalized: "c:\\users\\keecfmwgj\\documents\\monero\\wallets"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.458] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Monero\\wallets" (normalized: "c:\\users\\keecfmwgj\\documents\\monero\\wallets"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.458] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002b7ba0, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.459] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.459] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.459] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.460] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\databases" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\databases"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.460] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0134.462] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002fa000, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\electrum\\wallets"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.463] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\electrum\\wallets"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.463] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002fa1a0, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\telegram desktop\\tdata"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.484] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Telegram Desktop\\tdata" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\telegram desktop\\tdata"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.504] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002fa270, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Signal" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\signal"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.505] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Signal" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\signal"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.525] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Steam\\config" (normalized: "c:\\program files (x86)\\steam\\config"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.526] CreateFileW (lpFileName="C:\\Program Files (x86)\\Steam\\config" (normalized: "c:\\program files (x86)\\steam\\config"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.526] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0xc0002fa340, nSize=0x64 | out: lpBuffer="") returned 0x22 [0134.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.526] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc00011ead0 | out: lpFileInformation=0xc00011ead0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9a355720, ftCreationTime.dwHighDateTime=0x1da5d2f, ftLastAccessTime.dwLowDateTime=0x9a355720, ftLastAccessTime.dwHighDateTime=0x1da5d2f, ftLastWriteTime.dwLowDateTime=0x9a355720, ftLastWriteTime.dwHighDateTime=0x1da5d2f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc00011ea48 | out: lpFileInformation=0xc00011ea48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9a355720, ftCreationTime.dwHighDateTime=0x1da5d2f, ftLastAccessTime.dwLowDateTime=0x9a355720, ftLastAccessTime.dwHighDateTime=0x1da5d2f, ftLastWriteTime.dwLowDateTime=0x9a355720, ftLastWriteTime.dwHighDateTime=0x1da5d2f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.571] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0x1ec [0134.571] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00011eb4c | out: lpMode=0xc00011eb4c) returned 0 [0134.572] GetFileType (hFile=0x1ec) returned 0x1 [0134.596] GetProcAddress (hModule=0x77660000, lpProcName="FindFirstFileW") returned 0x7767b1b0 [0134.596] FindFirstFileW (in: lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies\\*"), lpFindFileData=0xc00011e7b8 | out: lpFindFileData=0xc00011e7b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9a355720, ftCreationTime.dwHighDateTime=0x1da5d2f, ftLastAccessTime.dwLowDateTime=0x9a355720, ftLastAccessTime.dwHighDateTime=0x1da5d2f, ftLastWriteTime.dwLowDateTime=0x9a355720, ftLastWriteTime.dwHighDateTime=0x1da5d2f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4bc2c0 [0134.597] GetProcAddress (hModule=0x77660000, lpProcName="FindNextFileW") returned 0x77670db0 [0134.597] FindNextFileW (in: hFindFile=0x4bc2c0, lpFindFileData=0xc00011e8b0 | out: lpFindFileData=0xc00011e8b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9a355720, ftCreationTime.dwHighDateTime=0x1da5d2f, ftLastAccessTime.dwLowDateTime=0x9a355720, ftLastAccessTime.dwHighDateTime=0x1da5d2f, ftLastWriteTime.dwLowDateTime=0x9a355720, ftLastWriteTime.dwHighDateTime=0x1da5d2f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.597] FindNextFileW (in: hFindFile=0x4bc2c0, lpFindFileData=0xc00011e8b0 | out: lpFindFileData=0xc00011e8b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.597] GetProcAddress (hModule=0x77660000, lpProcName="FindClose") returned 0x7767b190 [0134.597] FindClose (in: hFindFile=0x4bc2c0 | out: hFindFile=0x4bc2c0) returned 1 [0134.598] CloseHandle (hObject=0x1ec) returned 1 [0134.793] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0134.899] WriteFile (in: hFile=0x1e8, lpBuffer=0xc0002e4000*, nNumberOfBytesToWrite=0x1c3, lpNumberOfBytesWritten=0xc00011eb24, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4000*, lpNumberOfBytesWritten=0xc00011eb24*=0x1c3, lpOverlapped=0x0) returned 1 [0134.903] CloseHandle (hObject=0x1e8) returned 1 [0134.905] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xc0002fa410, nSize=0x64 | out: lpBuffer="") returned 0x24 [0134.905] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cM5o6GeI.zip" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cm5o6gei.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0x1e8 [0134.906] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc00011fa9c | out: lpMode=0xc00011fa9c) returned 0 [0134.908] GetFileType (hFile=0x1e8) returned 0x1 [0134.908] GetFileType (hFile=0x1e8) returned 0x1 [0134.909] GetProcAddress (hModule=0x77660000, lpProcName="GetFileInformationByHandle") returned 0x7766f690 [0134.909] GetFileInformationByHandle (in: hFile=0x1e8, lpFileInformation=0xc00011faac | out: lpFileInformation=0xc00011faac) returned 1 [0134.909] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x77660000 [0134.910] GetProcAddress (hModule=0x77660000, lpProcName="GetFileInformationByHandleEx") returned 0x776712f0 [0134.910] GetFileInformationByHandleEx (in: hFile=0x1e8, FileInformationClass=0x9, lpFileInformation=0xc00011fa58, dwBufferSize=0x8 | out: lpFileInformation=0xc00011fa58) returned 1 [0134.911] ReadFile (in: hFile=0x1e8, lpBuffer=0xc0002b0200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011fa64, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0200*, lpNumberOfBytesRead=0xc00011fa64*=0x1c3, lpOverlapped=0x0) returned 1 [0134.911] ReadFile (in: hFile=0x1e8, lpBuffer=0xc0002b03c3, nNumberOfBytesToRead=0x3d, lpNumberOfBytesRead=0xc00011fa64, lpOverlapped=0x0 | out: lpBuffer=0xc0002b03c3*, lpNumberOfBytesRead=0xc00011fa64*=0x0, lpOverlapped=0x0) returned 1 [0134.911] CloseHandle (hObject=0x1e8) returned 1 [0134.932] VirtualAlloc (lpAddress=0xc0003c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c4000 [0134.933] VirtualAlloc (lpAddress=0xc0003c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c6000 [0134.954] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0135.226] VirtualAlloc (lpAddress=0xc0003ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ca000 [0135.331] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0135.332] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0135.333] VirtualAlloc (lpAddress=0xc0003d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d0000 [0135.334] VirtualAlloc (lpAddress=0xc0003d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d2000 [0135.378] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0135.379] VirtualAlloc (lpAddress=0xc0003d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d6000 [0135.380] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0135.462] VirtualAlloc (lpAddress=0xc0003da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003da000 [0135.462] VirtualAlloc (lpAddress=0xc0003dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003dc000 [0135.463] VirtualAlloc (lpAddress=0xc0003de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003de000 [0135.567] VirtualAlloc (lpAddress=0xc0003e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e0000 [0135.694] SetEvent (hEvent=0xbc) returned 1 [0135.695] PostQueuedCompletionStatus (CompletionPort=0x1ac, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0135.865] VirtualAlloc (lpAddress=0xc0003e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e2000 [0135.867] GetAddrInfoW (in: pNodeName="hzp02itt0a.com", pServiceName=0x0, pHints=0xc0003e7f40*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xc0003e7e78 | out: ppResult=0xc0003e7e78*=0x1e76260*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1e762a0*(sa_family=2, sin_port=0x0, sin_addr="193.178.170.30"), ai_next=0x0)) returned 0 [0136.086] SetEvent (hEvent=0x138) returned 1 [0136.086] FreeAddrInfoW (pAddrInfo=0x1e76260*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1e762a0*(sa_family=2, sin_port=0x0, sin_addr="193.178.170.30"), ai_next=0x0)) [0136.086] SetEvent (hEvent=0x1e0) returned 1 [0136.087] WSASocketW (af=2, type=1, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x81) returned 0x1e8 [0136.087] CreateIoCompletionPort (FileHandle=0x1e8, ExistingCompletionPort=0x1ac, CompletionKey=0x0, NumberOfConcurrentThreads=0x0) returned 0x1ac [0136.088] SetFileCompletionNotificationModes (FileHandle=0x1e8, Flags=0x3) returned 1 [0136.088] bind (s=0x1e8, addr=0xc0003da3cc*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0136.088] ConnectEx (in: s=0x1e8, name=0xc0003da3ac*(sa_family=2, sin_port=0x50, sin_addr="193.178.170.30"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x0, lpOverlapped=0xc0002bcfe8 | out: lpdwBytesSent=0x0) returned 0 [0136.089] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0xdac [0083.971] free (_Block=0x785ae0) [0083.971] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f710, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f710*=0x98) returned 1 [0083.972] VirtualQuery (in: lpAddress=0x27a8f718, lpBuffer=0x27a8f718, dwLength=0x30 | out: lpBuffer=0x27a8f718*(BaseAddress=0x27a8f000, AllocationBase=0x27890000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0083.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.063] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.295] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0084.296] SuspendThread (hThread=0xd8) returned 0x0 [0084.296] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000398a8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0f5ffd, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.300] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000398a0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.311] ResumeThread (hThread=0xd8) returned 0x1 [0084.311] CloseHandle (hObject=0xd8) returned 1 [0084.311] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.322] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.641] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0084.641] SuspendThread (hThread=0xd8) returned 0x0 [0084.641] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039968, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f109000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.642] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039960, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.642] ResumeThread (hThread=0xd8) returned 0x1 [0084.642] CloseHandle (hObject=0xd8) returned 1 [0084.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.955] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0084.956] SuspendThread (hThread=0xd8) returned 0x0 [0084.956] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039b38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f120d20, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.957] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039b30, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0084.957] ResumeThread (hThread=0xd8) returned 0x1 [0084.957] CloseHandle (hObject=0xd8) returned 1 [0084.957] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0084.959] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.180] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.283] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0085.283] SuspendThread (hThread=0xd8) returned 0x0 [0085.283] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039a28, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f196b00, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.284] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039a20, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.284] ResumeThread (hThread=0xd8) returned 0x1 [0085.284] CloseHandle (hObject=0xd8) returned 1 [0085.285] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.495] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0085.496] SuspendThread (hThread=0xd8) returned 0x0 [0085.496] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039498, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f1a9fff, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.496] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000039490, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.497] ResumeThread (hThread=0xd8) returned 0x1 [0085.497] CloseHandle (hObject=0xd8) returned 1 [0085.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.699] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.803] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0085.803] SuspendThread (hThread=0xd8) returned 0x0 [0085.804] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0180, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f1bf160, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.804] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0178, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0085.805] ResumeThread (hThread=0xd8) returned 0x1 [0085.805] CloseHandle (hObject=0xd8) returned 1 [0085.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0085.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.015] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.148] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0086.148] SuspendThread (hThread=0xd8) returned 0x0 [0086.148] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0168, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f1ccffd, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0086.149] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0160, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0086.149] ResumeThread (hThread=0xd8) returned 0x1 [0086.149] CloseHandle (hObject=0xd8) returned 1 [0086.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.466] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0086.466] SuspendThread (hThread=0xd8) returned 0x0 [0086.466] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0150, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f1d6001, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0086.467] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0148, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0086.467] ResumeThread (hThread=0xd8) returned 0x1 [0086.467] CloseHandle (hObject=0xd8) returned 1 [0086.467] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.700] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0086.700] SuspendThread (hThread=0xd8) returned 0x0 [0086.700] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b0098, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0f4880, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0086.701] ResumeThread (hThread=0xd8) returned 0x1 [0086.702] CloseHandle (hObject=0xd8) returned 1 [0086.702] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.703] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.808] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0086.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.017] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0087.017] SuspendThread (hThread=0xd8) returned 0x0 [0087.018] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1a28, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f227e60, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.018] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1a20, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.019] ResumeThread (hThread=0xd8) returned 0x1 [0087.019] CloseHandle (hObject=0xd8) returned 1 [0087.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.140] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.254] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0087.254] SuspendThread (hThread=0xd8) returned 0x0 [0087.254] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1570, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f229020, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.256] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1568, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.257] ResumeThread (hThread=0xd8) returned 0x1 [0087.257] CloseHandle (hObject=0xd8) returned 1 [0087.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.391] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.634] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0087.634] SuspendThread (hThread=0xd8) returned 0x0 [0087.634] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1500, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f218000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.635] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b14f8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.635] ResumeThread (hThread=0xd8) returned 0x1 [0087.635] CloseHandle (hObject=0xd8) returned 1 [0087.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.865] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0087.994] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0087.994] SuspendThread (hThread=0xd8) returned 0x0 [0087.996] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1308, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f23f021, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.997] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1300, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0087.998] ResumeThread (hThread=0xd8) returned 0x1 [0087.999] CloseHandle (hObject=0xd8) returned 1 [0087.999] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.001] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.237] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xd8) returned 1 [0088.237] SuspendThread (hThread=0xd8) returned 0x0 [0088.237] GetThreadContext (in: hThread=0xd8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1760, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f1e7420, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.238] SetThreadContext (hThread=0xd8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000b1758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.238] ResumeThread (hThread=0xd8) returned 0x1 [0088.238] CloseHandle (hObject=0xd8) returned 1 [0088.239] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.240] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.442] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0088.442] SuspendThread (hThread=0xf8) returned 0x0 [0088.442] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf918, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2573a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.509] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.533] ResumeThread (hThread=0xf8) returned 0x1 [0088.533] CloseHandle (hObject=0xf8) returned 1 [0088.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.539] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.678] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.685] SetEvent (hEvent=0xbc) returned 1 [0088.685] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.687] SetEvent (hEvent=0xbc) returned 1 [0088.687] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.794] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0088.794] SuspendThread (hThread=0xf8) returned 0x0 [0088.794] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfb38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f273de0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.795] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfb30, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0088.796] ResumeThread (hThread=0xf8) returned 0x1 [0088.796] CloseHandle (hObject=0xf8) returned 1 [0088.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0088.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.120] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0089.120] SuspendThread (hThread=0xf8) returned 0x0 [0089.120] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfc38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f28c0a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.121] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfc30, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.121] ResumeThread (hThread=0xf8) returned 0x1 [0089.121] CloseHandle (hObject=0xf8) returned 1 [0089.121] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.393] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0089.393] SuspendThread (hThread=0xf8) returned 0x0 [0089.393] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfcb0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2cf026, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.394] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfca8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.394] ResumeThread (hThread=0xf8) returned 0x1 [0089.395] CloseHandle (hObject=0xf8) returned 1 [0089.395] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.397] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.502] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.721] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0089.721] SuspendThread (hThread=0xf8) returned 0x0 [0089.721] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfa50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f333fa0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.722] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfa48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.722] ResumeThread (hThread=0xf8) returned 0x1 [0089.723] CloseHandle (hObject=0xf8) returned 1 [0089.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0089.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.053] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0090.053] SuspendThread (hThread=0xf8) returned 0x0 [0090.053] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfc48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f3641a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.054] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfc40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.055] ResumeThread (hThread=0xf8) returned 0x1 [0090.055] CloseHandle (hObject=0xf8) returned 1 [0090.055] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.273] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.379] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0090.379] SuspendThread (hThread=0xf8) returned 0x0 [0090.379] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfca8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f37bec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.380] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfca0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.380] ResumeThread (hThread=0xf8) returned 0x1 [0090.380] CloseHandle (hObject=0xf8) returned 1 [0090.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.382] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.614] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.724] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0090.724] SuspendThread (hThread=0xf8) returned 0x0 [0090.725] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf990, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f3f3ffe, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.727] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf988, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.728] ResumeThread (hThread=0xf8) returned 0x1 [0090.728] CloseHandle (hObject=0xf8) returned 1 [0090.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0090.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.048] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0091.048] SuspendThread (hThread=0xf8) returned 0x0 [0091.049] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf9e8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f4229e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.049] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf9e0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.050] ResumeThread (hThread=0xf8) returned 0x1 [0091.050] CloseHandle (hObject=0xf8) returned 1 [0091.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.272] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0091.273] SuspendThread (hThread=0xf8) returned 0x0 [0091.273] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf918, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f4315c0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.277] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.278] ResumeThread (hThread=0xf8) returned 0x1 [0091.278] CloseHandle (hObject=0xf8) returned 1 [0091.279] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.392] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.606] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0091.606] SuspendThread (hThread=0xf8) returned 0x0 [0091.606] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf618, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f44cfff, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.607] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf610, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.607] ResumeThread (hThread=0xf8) returned 0x1 [0091.608] CloseHandle (hObject=0xf8) returned 1 [0091.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.725] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0091.935] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0091.935] SuspendThread (hThread=0xf8) returned 0x0 [0091.935] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf7a8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f471560, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.936] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf7a0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.937] ResumeThread (hThread=0xf8) returned 0x1 [0091.937] CloseHandle (hObject=0xf8) returned 1 [0091.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.043] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.148] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0092.148] SuspendThread (hThread=0xf8) returned 0x0 [0092.148] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f4a84e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.149] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf908, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.149] ResumeThread (hThread=0xf8) returned 0x1 [0092.149] CloseHandle (hObject=0xf8) returned 1 [0092.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.466] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0092.466] SuspendThread (hThread=0xf8) returned 0x0 [0092.467] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf870, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f258400, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.469] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf868, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.470] ResumeThread (hThread=0xf8) returned 0x1 [0092.470] CloseHandle (hObject=0xf8) returned 1 [0092.470] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.712] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0092.713] SuspendThread (hThread=0xf8) returned 0x0 [0092.713] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf970, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f4f646e, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.713] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf968, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.714] ResumeThread (hThread=0xf8) returned 0x1 [0092.714] CloseHandle (hObject=0xf8) returned 1 [0092.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.716] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.832] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0092.939] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.051] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0093.051] SuspendThread (hThread=0xf8) returned 0x0 [0093.051] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfa28, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f55a000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.052] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cfa20, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.052] ResumeThread (hThread=0xf8) returned 0x1 [0093.052] CloseHandle (hObject=0xf8) returned 1 [0093.053] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.054] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.297] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0093.297] SuspendThread (hThread=0xf8) returned 0x0 [0093.297] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf918, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f569940, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.297] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000cf910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.298] ResumeThread (hThread=0xf8) returned 0x1 [0093.298] CloseHandle (hObject=0xf8) returned 1 [0093.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.526] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0093.526] SuspendThread (hThread=0xf8) returned 0x0 [0093.526] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f579500, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.527] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.531] ResumeThread (hThread=0xf8) returned 0x1 [0093.531] CloseHandle (hObject=0xf8) returned 1 [0093.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.533] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.862] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0093.862] SuspendThread (hThread=0xf8) returned 0x0 [0093.863] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f918, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f581ffd, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.864] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.864] ResumeThread (hThread=0xf8) returned 0x1 [0093.864] CloseHandle (hObject=0xf8) returned 1 [0093.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0093.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.078] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0094.079] SuspendThread (hThread=0xf8) returned 0x0 [0094.079] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fd58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f63fa40, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.079] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fd50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.080] ResumeThread (hThread=0xf8) returned 0x1 [0094.080] CloseHandle (hObject=0xf8) returned 1 [0094.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.505] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0094.505] SuspendThread (hThread=0xf8) returned 0x0 [0094.505] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efa8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f5b3080, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.506] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efa0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.506] ResumeThread (hThread=0xf8) returned 0x1 [0094.506] CloseHandle (hObject=0xf8) returned 1 [0094.506] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.826] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0094.826] SuspendThread (hThread=0xf8) returned 0x0 [0094.827] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efb0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f642ffd, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.829] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efa8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.830] ResumeThread (hThread=0xf8) returned 0x1 [0094.830] CloseHandle (hObject=0xf8) returned 1 [0094.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0094.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0095.171] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0095.171] SuspendThread (hThread=0xf8) returned 0x0 [0095.171] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efb0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f644ffc, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.172] ResumeThread (hThread=0xf8) returned 0x1 [0095.172] CloseHandle (hObject=0xf8) returned 1 [0095.172] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0095.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0095.604] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0095.604] SuspendThread (hThread=0xf8) returned 0x0 [0095.604] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fce8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f653b60, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.605] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fce0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.605] ResumeThread (hThread=0xf8) returned 0x1 [0095.605] CloseHandle (hObject=0xf8) returned 1 [0095.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0095.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0096.023] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0096.023] SuspendThread (hThread=0xf8) returned 0x0 [0096.024] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f66efff, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.024] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.025] ResumeThread (hThread=0xf8) returned 0x1 [0096.025] CloseHandle (hObject=0xf8) returned 1 [0096.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0096.396] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0096.631] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0096.632] SuspendThread (hThread=0xf8) returned 0x0 [0096.632] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f67f025, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.633] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.634] ResumeThread (hThread=0xf8) returned 0x1 [0096.634] CloseHandle (hObject=0xf8) returned 1 [0096.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0096.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0096.855] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0096.855] SuspendThread (hThread=0xf8) returned 0x0 [0096.855] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6870b5, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.856] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10297, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.857] ResumeThread (hThread=0xf8) returned 0x1 [0096.857] CloseHandle (hObject=0xf8) returned 1 [0096.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0097.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0097.283] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0097.283] SuspendThread (hThread=0xf8) returned 0x0 [0097.283] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc10, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f697000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.284] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.284] ResumeThread (hThread=0xf8) returned 0x1 [0097.284] CloseHandle (hObject=0xf8) returned 1 [0097.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0097.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0097.615] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0097.615] SuspendThread (hThread=0xf8) returned 0x0 [0097.616] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10203, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f69effe, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.616] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10203, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc30, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.617] ResumeThread (hThread=0xf8) returned 0x1 [0097.617] CloseHandle (hObject=0xf8) returned 1 [0097.617] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0097.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.066] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0098.066] SuspendThread (hThread=0xf8) returned 0x0 [0098.066] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6ac000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.066] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011cc38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.067] ResumeThread (hThread=0xf8) returned 0x1 [0098.067] CloseHandle (hObject=0xf8) returned 1 [0098.067] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.430] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0098.430] SuspendThread (hThread=0xf8) returned 0x0 [0098.431] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011eff0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6cdfe0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.431] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011efe8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.432] ResumeThread (hThread=0xf8) returned 0x1 [0098.432] CloseHandle (hObject=0xf8) returned 1 [0098.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.647] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.866] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0098.866] SuspendThread (hThread=0xf8) returned 0x0 [0098.866] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa10, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6b38e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.866] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.867] ResumeThread (hThread=0xf8) returned 0x1 [0098.867] CloseHandle (hObject=0xf8) returned 1 [0098.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0098.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.197] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0099.197] SuspendThread (hThread=0xf8) returned 0x0 [0099.198] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fd58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6e22a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.198] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fd50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.199] ResumeThread (hThread=0xf8) returned 0x1 [0099.199] CloseHandle (hObject=0xf8) returned 1 [0099.199] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.334] SetEvent (hEvent=0xbc) returned 1 [0099.334] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.357] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.360] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x138 [0099.361] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x13c [0099.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.448] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.449] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0099.449] SuspendThread (hThread=0xf8) returned 0x0 [0099.449] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10212, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fb58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6e4000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.450] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10212, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fb50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.450] ResumeThread (hThread=0xf8) returned 0x1 [0099.450] CloseHandle (hObject=0xf8) returned 1 [0099.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.674] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0099.674] SuspendThread (hThread=0xf8) returned 0x0 [0099.674] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f288, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6f2220, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.675] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f280, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.675] ResumeThread (hThread=0xf8) returned 0x1 [0099.676] CloseHandle (hObject=0xf8) returned 1 [0099.676] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0099.898] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0099.898] SuspendThread (hThread=0xf8) returned 0x0 [0099.899] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f288, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6f8000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.899] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f280, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.900] ResumeThread (hThread=0xf8) returned 0x1 [0099.900] CloseHandle (hObject=0xf8) returned 1 [0099.900] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0100.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0100.079] SetEvent (hEvent=0xbc) returned 1 [0100.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0100.187] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0xf8) returned 1 [0100.188] SuspendThread (hThread=0xf8) returned 0x0 [0100.188] GetThreadContext (in: hThread=0xf8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f7051e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.219] SetThreadContext (hThread=0xf8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.220] ResumeThread (hThread=0xf8) returned 0x1 [0100.220] CloseHandle (hObject=0xf8) returned 1 [0100.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0100.350] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0100.450] SetEvent (hEvent=0xbc) returned 1 [0100.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.004] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x144) returned 1 [0101.025] SuspendThread (hThread=0x144) returned 0x0 [0101.025] GetThreadContext (in: hThread=0x144, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x32f5a8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0cb880, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.041] ResumeThread (hThread=0x144) returned 0x1 [0101.041] CloseHandle (hObject=0x144) returned 1 [0101.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.304] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x144) returned 1 [0101.305] SuspendThread (hThread=0x144) returned 0x0 [0101.305] GetThreadContext (in: hThread=0x144, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fb88, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f70d000, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.405] SetThreadContext (hThread=0x144, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fb80, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.406] ResumeThread (hThread=0x144) returned 0x1 [0101.407] CloseHandle (hObject=0x144) returned 1 [0101.407] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.513] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.618] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x148) returned 1 [0101.618] SuspendThread (hThread=0x148) returned 0x0 [0101.618] GetThreadContext (in: hThread=0x148, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f6a0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f09a580, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.619] ResumeThread (hThread=0x148) returned 0x1 [0101.619] CloseHandle (hObject=0x148) returned 1 [0101.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.836] SetEvent (hEvent=0xbc) returned 1 [0101.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0101.953] SetEvent (hEvent=0xbc) returned 1 [0101.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.059] SetEvent (hEvent=0xbc) returned 1 [0102.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.170] SetEvent (hEvent=0xbc) returned 1 [0102.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.291] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x144) returned 1 [0102.291] SuspendThread (hThread=0x144) returned 0x0 [0102.291] GetThreadContext (in: hThread=0x144, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x32f630, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0b5320, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.292] ResumeThread (hThread=0x144) returned 0x1 [0102.292] CloseHandle (hObject=0x144) returned 1 [0102.292] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.398] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.503] SetEvent (hEvent=0xbc) returned 1 [0102.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.613] SetEvent (hEvent=0xbc) returned 1 [0102.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.777] SetEvent (hEvent=0xbc) returned 1 [0102.777] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0102.821] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.225] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.225] SetEvent (hEvent=0xbc) returned 1 [0103.225] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0103.388] SetEvent (hEvent=0xbc) returned 1 [0103.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0103.510] SetEvent (hEvent=0xbc) returned 1 [0103.510] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0103.624] SetEvent (hEvent=0xbc) returned 1 [0103.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0103.788] SetEvent (hEvent=0xbc) returned 1 [0103.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0103.943] SetEvent (hEvent=0xbc) returned 1 [0103.943] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.082] SetEvent (hEvent=0xbc) returned 1 [0104.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.198] SetEvent (hEvent=0xbc) returned 1 [0104.198] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.341] SetEvent (hEvent=0xbc) returned 1 [0104.341] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.454] SetEvent (hEvent=0xbc) returned 1 [0104.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.566] SetEvent (hEvent=0xbc) returned 1 [0104.566] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.739] SetEvent (hEvent=0xbc) returned 1 [0104.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.853] SetEvent (hEvent=0xbc) returned 1 [0104.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0104.964] SetEvent (hEvent=0xbc) returned 1 [0104.964] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.107] SetEvent (hEvent=0xbc) returned 1 [0105.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.253] SetEvent (hEvent=0xbc) returned 1 [0105.253] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.360] SetEvent (hEvent=0xbc) returned 1 [0105.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.476] SetEvent (hEvent=0xbc) returned 1 [0105.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.583] SetEvent (hEvent=0xbc) returned 1 [0105.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.796] SetEvent (hEvent=0xbc) returned 1 [0105.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0105.914] SetEvent (hEvent=0xbc) returned 1 [0105.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.063] SetEvent (hEvent=0xbc) returned 1 [0106.063] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.184] SetEvent (hEvent=0xbc) returned 1 [0106.184] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.299] SetEvent (hEvent=0xbc) returned 1 [0106.299] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.511] SetEvent (hEvent=0xbc) returned 1 [0106.511] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.628] SetEvent (hEvent=0xbc) returned 1 [0106.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.766] SetEvent (hEvent=0xbc) returned 1 [0106.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.872] SetEvent (hEvent=0xbc) returned 1 [0106.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0106.979] SetEvent (hEvent=0xbc) returned 1 [0106.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.093] SetEvent (hEvent=0xbc) returned 1 [0107.093] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.197] SetEvent (hEvent=0xbc) returned 1 [0107.197] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.304] SetEvent (hEvent=0xbc) returned 1 [0107.304] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.411] SetEvent (hEvent=0xbc) returned 1 [0107.411] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.518] SetEvent (hEvent=0xbc) returned 1 [0107.518] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.624] SetEvent (hEvent=0xbc) returned 1 [0107.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0107.732] SetEvent (hEvent=0xbc) returned 1 [0107.732] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.016] SetEvent (hEvent=0xbc) returned 1 [0108.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.143] SetEvent (hEvent=0xbc) returned 1 [0108.143] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.255] SetEvent (hEvent=0xbc) returned 1 [0108.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.366] SetEvent (hEvent=0xbc) returned 1 [0108.366] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.474] SetEvent (hEvent=0xbc) returned 1 [0108.474] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.582] SetEvent (hEvent=0xbc) returned 1 [0108.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.690] SetEvent (hEvent=0xbc) returned 1 [0108.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.827] SetEvent (hEvent=0xbc) returned 1 [0108.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0108.935] SetEvent (hEvent=0xbc) returned 1 [0108.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.042] SetEvent (hEvent=0xbc) returned 1 [0109.042] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.164] SetEvent (hEvent=0xbc) returned 1 [0109.164] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.270] SetEvent (hEvent=0xbc) returned 1 [0109.270] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.378] SetEvent (hEvent=0xbc) returned 1 [0109.378] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.490] SetEvent (hEvent=0xbc) returned 1 [0109.491] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.608] SetEvent (hEvent=0xbc) returned 1 [0109.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.715] SetEvent (hEvent=0xbc) returned 1 [0109.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.840] SetEvent (hEvent=0xbc) returned 1 [0109.841] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0109.950] SetEvent (hEvent=0xbc) returned 1 [0109.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.072] SetEvent (hEvent=0xbc) returned 1 [0110.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.186] SetEvent (hEvent=0xbc) returned 1 [0110.186] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.305] SetEvent (hEvent=0xbc) returned 1 [0110.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.412] SetEvent (hEvent=0xbc) returned 1 [0110.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.556] SetEvent (hEvent=0xbc) returned 1 [0110.557] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.674] SetEvent (hEvent=0xbc) returned 1 [0110.674] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.801] SetEvent (hEvent=0xbc) returned 1 [0110.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0110.907] SetEvent (hEvent=0xbc) returned 1 [0110.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.013] SetEvent (hEvent=0xbc) returned 1 [0111.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.133] SetEvent (hEvent=0xbc) returned 1 [0111.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.244] SetEvent (hEvent=0xbc) returned 1 [0111.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.351] SetEvent (hEvent=0xbc) returned 1 [0111.352] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.456] SetEvent (hEvent=0xbc) returned 1 [0111.457] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.569] SetEvent (hEvent=0xbc) returned 1 [0111.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.683] SetEvent (hEvent=0xbc) returned 1 [0111.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.810] SetEvent (hEvent=0xbc) returned 1 [0111.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0111.918] SetEvent (hEvent=0xbc) returned 1 [0111.918] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.029] SetEvent (hEvent=0xbc) returned 1 [0112.029] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.153] SetEvent (hEvent=0xbc) returned 1 [0112.153] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.264] SetEvent (hEvent=0xbc) returned 1 [0112.264] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.372] SetEvent (hEvent=0xbc) returned 1 [0112.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.481] SetEvent (hEvent=0xbc) returned 1 [0112.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.590] SetEvent (hEvent=0xbc) returned 1 [0112.590] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.703] SetEvent (hEvent=0xbc) returned 1 [0112.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0112.981] SetEvent (hEvent=0xbc) returned 1 [0112.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.106] SetEvent (hEvent=0xbc) returned 1 [0113.106] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.222] SetEvent (hEvent=0xbc) returned 1 [0113.222] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.324] SetEvent (hEvent=0xbc) returned 1 [0113.324] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.433] SetEvent (hEvent=0xbc) returned 1 [0113.433] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.541] SetEvent (hEvent=0xbc) returned 1 [0113.541] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.647] SetEvent (hEvent=0xbc) returned 1 [0113.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.753] SetEvent (hEvent=0xbc) returned 1 [0113.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0113.947] SetEvent (hEvent=0xbc) returned 1 [0113.947] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.053] SetEvent (hEvent=0xbc) returned 1 [0114.053] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.175] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x144) returned 1 [0114.176] SuspendThread (hThread=0x144) returned 0x0 [0114.177] GetThreadContext (in: hThread=0x144, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc60, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f702593, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.181] SetThreadContext (hThread=0x144, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.182] ResumeThread (hThread=0x144) returned 0x1 [0114.182] CloseHandle (hObject=0x144) returned 1 [0114.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.401] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x148) returned 1 [0114.402] SuspendThread (hThread=0x148) returned 0x0 [0114.402] GetThreadContext (in: hThread=0x148, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f770, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0a2b20, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.403] SetThreadContext (hThread=0x148, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f768, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.403] ResumeThread (hThread=0x148) returned 0x1 [0114.403] CloseHandle (hObject=0x148) returned 1 [0114.403] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.626] SetEvent (hEvent=0xbc) returned 1 [0114.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.696] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.697] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.744] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.744] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x18c) returned 1 [0114.744] SuspendThread (hThread=0x18c) returned 0x0 [0114.744] GetThreadContext (in: hThread=0x18c, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa80, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f64e840, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.745] SetThreadContext (hThread=0x18c, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.746] ResumeThread (hThread=0x18c) returned 0x1 [0114.746] CloseHandle (hObject=0x18c) returned 1 [0114.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.856] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0114.965] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.080] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x18c) returned 1 [0115.080] SuspendThread (hThread=0x18c) returned 0x0 [0115.080] GetThreadContext (in: hThread=0x18c, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa80, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f651ec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.080] SetThreadContext (hThread=0x18c, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fa78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.081] ResumeThread (hThread=0x18c) returned 0x1 [0115.081] CloseHandle (hObject=0x18c) returned 1 [0115.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.307] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x19c) returned 1 [0115.307] SuspendThread (hThread=0x19c) returned 0x0 [0115.307] GetThreadContext (in: hThread=0x19c, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f7c8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f256f40, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.308] SetThreadContext (hThread=0x19c, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f7c0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.308] ResumeThread (hThread=0x19c) returned 0x1 [0115.308] CloseHandle (hObject=0x19c) returned 1 [0115.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.416] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.472] SetEvent (hEvent=0xbc) returned 1 [0115.472] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.543] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x19c) returned 1 [0115.543] SuspendThread (hThread=0x19c) returned 0x0 [0115.543] GetThreadContext (in: hThread=0x19c, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10212, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x32f5a0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0d5740, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.620] ResumeThread (hThread=0x19c) returned 0x1 [0115.620] CloseHandle (hObject=0x19c) returned 1 [0115.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0115.802] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x19c) returned 1 [0115.802] SuspendThread (hThread=0x19c) returned 0x0 [0115.802] GetThreadContext (in: hThread=0x19c, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000047d60, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f11ffa0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.009] SetThreadContext (hThread=0x19c, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000047d58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.125] ResumeThread (hThread=0x19c) returned 0x1 [0116.125] CloseHandle (hObject=0x19c) returned 1 [0116.125] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0116.186] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0116.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0116.196] SetEvent (hEvent=0xc8) returned 1 [0116.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0116.221] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.398] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.398] SetEvent (hEvent=0xc8) returned 1 [0119.398] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.453] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.453] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.796] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.899] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0119.900] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.920] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0119.920] SetEvent (hEvent=0xa0) returned 1 [0119.920] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.942] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0119.943] SetEvent (hEvent=0xa0) returned 1 [0119.943] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0119.985] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0119.986] SetEvent (hEvent=0xc8) returned 1 [0119.986] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0120.025] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.126] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.127] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0122.127] SetEvent (hEvent=0xc8) returned 1 [0122.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.150] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.150] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.414] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.415] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.545] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0122.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.650] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0122.651] SuspendThread (hThread=0x1b4) returned 0x0 [0122.651] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f910, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f60da20, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.652] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f908, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.653] ResumeThread (hThread=0x1b4) returned 0x1 [0122.653] CloseHandle (hObject=0x1b4) returned 1 [0122.653] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.758] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0122.758] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.866] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0122.866] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0122.866] SuspendThread (hThread=0x1b4) returned 0x0 [0122.866] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ee90, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f5c7be0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.867] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ee88, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.867] ResumeThread (hThread=0x1b4) returned 0x1 [0122.868] CloseHandle (hObject=0x1b4) returned 1 [0122.868] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0122.976] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0122.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.189] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0123.190] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0123.190] SuspendThread (hThread=0x1b4) returned 0x0 [0123.190] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f098, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6388a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.191] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f090, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.191] ResumeThread (hThread=0x1b4) returned 0x1 [0123.192] CloseHandle (hObject=0x1b4) returned 1 [0123.192] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.303] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0123.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.410] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0123.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0123.411] SuspendThread (hThread=0x1b4) returned 0x0 [0123.411] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011eec0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0a1fe0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.412] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011eeb8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.412] ResumeThread (hThread=0x1b4) returned 0x1 [0123.412] CloseHandle (hObject=0x1b4) returned 1 [0123.413] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.528] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0123.528] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.635] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0123.635] SuspendThread (hThread=0x1b4) returned 0x0 [0123.636] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000241730, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f232780, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.637] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000241728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.637] ResumeThread (hThread=0x1b4) returned 0x1 [0123.638] CloseHandle (hObject=0x1b4) returned 1 [0123.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.863] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0123.863] SuspendThread (hThread=0x1b4) returned 0x0 [0123.863] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad378, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f46ba60, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.864] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad370, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.864] ResumeThread (hThread=0x1b4) returned 0x1 [0123.864] CloseHandle (hObject=0x1b4) returned 1 [0123.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0123.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0124.086] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1b4) returned 1 [0124.086] SuspendThread (hThread=0x1b4) returned 0x0 [0124.086] GetThreadContext (in: hThread=0x1b4, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243da8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f477b00, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.088] SetThreadContext (hThread=0x1b4, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243da0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.088] ResumeThread (hThread=0x1b4) returned 0x1 [0124.088] CloseHandle (hObject=0x1b4) returned 1 [0124.088] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0124.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0125.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0125.356] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.582] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0x729d) returned 0x0 [0126.921] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.945] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0126.945] SuspendThread (hThread=0x1c0) returned 0x0 [0126.945] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243c58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0cda40, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.035] SetThreadContext (hThread=0x1c0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243c50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.037] ResumeThread (hThread=0x1c0) returned 0x1 [0127.038] CloseHandle (hObject=0x1c0) returned 1 [0127.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.060] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.271] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.379] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0127.379] SuspendThread (hThread=0x1c0) returned 0x0 [0127.379] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243d88, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f097b80, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.380] SetThreadContext (hThread=0x1c0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000243d80, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.381] ResumeThread (hThread=0x1c0) returned 0x1 [0127.381] CloseHandle (hObject=0x1c0) returned 1 [0127.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.487] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.607] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0127.608] SuspendThread (hThread=0x1c0) returned 0x0 [0127.608] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000241ea0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f465dbd, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.609] SetThreadContext (hThread=0x1c0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000241e98, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.609] ResumeThread (hThread=0x1c0) returned 0x1 [0127.609] CloseHandle (hObject=0x1c0) returned 1 [0127.609] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.713] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0127.922] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0127.925] SuspendThread (hThread=0x1c0) returned 0x0 [0127.925] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad410, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f235be0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.925] SetThreadContext (hThread=0x1c0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad408, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.926] ResumeThread (hThread=0x1c0) returned 0x1 [0127.926] CloseHandle (hObject=0x1c0) returned 1 [0127.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.040] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.246] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0128.246] SuspendThread (hThread=0x1c0) returned 0x0 [0128.246] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000accf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0b3320, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.246] ResumeThread (hThread=0x1c0) returned 0x1 [0128.247] CloseHandle (hObject=0x1c0) returned 1 [0128.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.350] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c0) returned 1 [0128.350] SuspendThread (hThread=0x1c0) returned 0x0 [0128.350] GetThreadContext (in: hThread=0x1c0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2800f630, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0b96c0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.351] ResumeThread (hThread=0x1c0) returned 0x1 [0128.351] CloseHandle (hObject=0x1c0) returned 1 [0128.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.646] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.753] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c8) returned 1 [0128.754] SuspendThread (hThread=0x1c8) returned 0x0 [0128.754] GetThreadContext (in: hThread=0x1c8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000acd28, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0e5da0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.758] SetThreadContext (hThread=0x1c8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000acd20, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.759] ResumeThread (hThread=0x1c8) returned 0x1 [0128.759] CloseHandle (hObject=0x1c8) returned 1 [0128.759] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0128.975] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1c8) returned 1 [0128.975] SuspendThread (hThread=0x1c8) returned 0x0 [0128.975] GetThreadContext (in: hThread=0x1c8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000aceb0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f247d40, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.977] SetThreadContext (hThread=0x1c8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000acea8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.978] ResumeThread (hThread=0x1c8) returned 0x1 [0128.978] CloseHandle (hObject=0x1c8) returned 1 [0128.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.094] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.205] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1cc) returned 1 [0129.205] SuspendThread (hThread=0x1cc) returned 0x0 [0129.205] GetThreadContext (in: hThread=0x1cc, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad1c0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f485ec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0129.207] SetThreadContext (hThread=0x1cc, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000ad1b8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0129.208] ResumeThread (hThread=0x1cc) returned 0x1 [0129.208] CloseHandle (hObject=0x1cc) returned 1 [0129.208] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.313] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.707] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0129.707] SuspendThread (hThread=0x1d0) returned 0x0 [0129.707] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ee78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f54f940, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0129.795] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ee70, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0129.839] ResumeThread (hThread=0x1d0) returned 0x1 [0129.840] CloseHandle (hObject=0x1d0) returned 1 [0129.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0129.946] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.052] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0130.053] SuspendThread (hThread=0x1d0) returned 0x0 [0130.053] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00023dc98, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f63a3c0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.054] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00023dc90, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.054] ResumeThread (hThread=0x1d0) returned 0x1 [0130.054] CloseHandle (hObject=0x1d0) returned 1 [0130.054] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.157] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.365] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0130.366] SuspendThread (hThread=0x1d0) returned 0x0 [0130.366] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00023d9c8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2367c0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.366] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00023d9c0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.367] ResumeThread (hThread=0x1d0) returned 0x1 [0130.367] CloseHandle (hObject=0x1d0) returned 1 [0130.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.470] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.516] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0130.518] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.586] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0131.709] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0131.710] SuspendThread (hThread=0x1d0) returned 0x0 [0131.710] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f151001, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0131.710] ResumeThread (hThread=0x1d0) returned 0x1 [0131.711] CloseHandle (hObject=0x1d0) returned 1 [0131.711] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0131.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0131.913] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.028] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0132.028] SuspendThread (hThread=0x1d0) returned 0x0 [0132.029] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f028, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f14aee0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.029] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f020, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.029] ResumeThread (hThread=0x1d0) returned 0x1 [0132.030] CloseHandle (hObject=0x1d0) returned 1 [0132.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.237] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.343] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0132.343] SuspendThread (hThread=0x1d0) returned 0x0 [0132.343] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f9f8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f7070c0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.344] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f9f0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.345] ResumeThread (hThread=0x1d0) returned 0x1 [0132.345] CloseHandle (hObject=0x1d0) returned 1 [0132.345] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.458] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.460] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.562] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.688] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1d0) returned 1 [0132.688] SuspendThread (hThread=0x1d0) returned 0x0 [0132.688] GetThreadContext (in: hThread=0x1d0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fbc8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6e30a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.690] SetThreadContext (hThread=0x1d0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fbc0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.690] ResumeThread (hThread=0x1d0) returned 0x1 [0132.690] CloseHandle (hObject=0x1d0) returned 1 [0132.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0132.912] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0132.912] SuspendThread (hThread=0x1e8) returned 0x0 [0132.912] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6efee0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.913] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.913] ResumeThread (hThread=0x1e8) returned 0x1 [0132.913] CloseHandle (hObject=0x1e8) returned 1 [0132.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.130] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0133.130] SuspendThread (hThread=0x1e8) returned 0x0 [0133.131] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f110, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f722b40, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.131] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f108, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.132] ResumeThread (hThread=0x1e8) returned 0x1 [0133.132] CloseHandle (hObject=0x1e8) returned 1 [0133.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.235] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.341] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0133.342] SuspendThread (hThread=0x1e8) returned 0x0 [0133.342] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f4d0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2d1a00, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.343] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f4c8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.343] ResumeThread (hThread=0x1e8) returned 0x1 [0133.343] CloseHandle (hObject=0x1e8) returned 1 [0133.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.449] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.579] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0133.579] SuspendThread (hThread=0x1e8) returned 0x0 [0133.579] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f70d380, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.580] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.580] ResumeThread (hThread=0x1e8) returned 0x1 [0133.581] CloseHandle (hObject=0x1e8) returned 1 [0133.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.692] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0133.692] SuspendThread (hThread=0x1e8) returned 0x0 [0133.692] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fbe8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f65cb60, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.693] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fbe0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.693] ResumeThread (hThread=0x1e8) returned 0x1 [0133.693] CloseHandle (hObject=0x1e8) returned 1 [0133.694] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0133.916] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.037] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0134.037] SuspendThread (hThread=0x1e8) returned 0x0 [0134.037] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6faf20, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.038] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011fc50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.038] ResumeThread (hThread=0x1e8) returned 0x1 [0134.038] CloseHandle (hObject=0x1e8) returned 1 [0134.039] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.118] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.139] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1f0) returned 1 [0134.139] SuspendThread (hThread=0x1f0) returned 0x0 [0134.140] GetThreadContext (in: hThread=0x1f0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ed78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f376240, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.140] SetThreadContext (hThread=0x1f0, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ed70, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.141] ResumeThread (hThread=0x1f0) returned 0x1 [0134.141] CloseHandle (hObject=0x1f0) returned 1 [0134.141] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.251] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.362] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1f0) returned 1 [0134.362] SuspendThread (hThread=0x1f0) returned 0x0 [0134.362] GetThreadContext (in: hThread=0x1f0, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ebf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f366320, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.363] ResumeThread (hThread=0x1f0) returned 0x1 [0134.363] CloseHandle (hObject=0x1f0) returned 1 [0134.364] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.462] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.569] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1ec) returned 1 [0134.569] SuspendThread (hThread=0x1ec) returned 0x0 [0134.569] GetThreadContext (in: hThread=0x1ec, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ed58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2d0cc0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.570] SetThreadContext (hThread=0x1ec, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ed50, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.570] ResumeThread (hThread=0x1ec) returned 0x1 [0134.571] CloseHandle (hObject=0x1ec) returned 1 [0134.571] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.670] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.814] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1ec) returned 1 [0134.814] SuspendThread (hThread=0x1ec) returned 0x0 [0134.814] GetThreadContext (in: hThread=0x1ec, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011e960, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2381e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.837] SetThreadContext (hThread=0x1ec, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011e958, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.837] ResumeThread (hThread=0x1ec) returned 0x1 [0134.837] CloseHandle (hObject=0x1ec) returned 1 [0134.838] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0134.954] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.058] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0135.058] SuspendThread (hThread=0x1e8) returned 0x0 [0135.058] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011ef70, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0d90e0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.059] ResumeThread (hThread=0x1e8) returned 0x1 [0135.059] CloseHandle (hObject=0x1e8) returned 1 [0135.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.376] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0135.377] SuspendThread (hThread=0x1e8) returned 0x0 [0135.377] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10293, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011eee8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f2b2d00, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.377] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10293, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011eee0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.378] ResumeThread (hThread=0x1e8) returned 0x1 [0135.378] CloseHandle (hObject=0x1e8) returned 1 [0135.378] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.485] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.692] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a8f190, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a8f190*=0x1e8) returned 1 [0135.692] SuspendThread (hThread=0x1e8) returned 0x0 [0135.692] GetThreadContext (in: hThread=0x1e8, lpContext=0x27a8f1a0 | out: lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f220, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f6388a0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.693] SetThreadContext (hThread=0x1e8, lpContext=0x27a8f1a0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10216, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00011f218, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x13f0ed860, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.693] ResumeThread (hThread=0x1e8) returned 0x1 [0135.694] CloseHandle (hObject=0x1e8) returned 1 [0135.694] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.820] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x27a8eee8, ulCount=0x10, ulNumEntriesRemoved=0x27a8eebc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a8eee8, ulNumEntriesRemoved=0x27a8eebc) returned 0 [0135.820] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0135.872] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0x7511) returned 0x0 [0136.089] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0136.095] timeEndPeriod (uPeriod=0x1) returned 0x0 [0136.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0x7433) returned 0x0 [0136.191] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.191] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0136.205] timeEndPeriod (uPeriod=0x1) returned 0x0 [0136.205] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a8f648*=0x138, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0136.404] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0136.409] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) returned 0x102 [0136.461] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x27a8f6a0) Thread: id = 3 os_tid = 0xdb0 [0084.053] free (_Block=0x785b00) [0084.053] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27d8fa30, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27d8fa30*=0xa8) returned 1 [0084.054] VirtualQuery (in: lpAddress=0x27d8fa38, lpBuffer=0x27d8fa38, dwLength=0x30 | out: lpBuffer=0x27d8fa38*(BaseAddress=0x27d8f000, AllocationBase=0x27b90000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.054] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x720000 [0084.055] VirtualAlloc (lpAddress=0xc000080000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000080000 [0084.056] VirtualAlloc (lpAddress=0xc000082000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000082000 [0084.057] VirtualAlloc (lpAddress=0xc000084000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000084000 [0084.058] malloc (_Size=0x18) returned 0x785b00 [0084.058] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785b00) returned 0xac [0084.084] SetEvent (hEvent=0xa0) returned 1 [0084.085] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0084.085] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb4 [0084.085] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0128.978] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0129.206] SwitchToThread () returned 1 [0129.206] SetEvent (hEvent=0xc8) returned 1 [0129.207] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0129.703] malloc (_Size=0x18) returned 0x785ae0 [0129.704] _beginthread (_StartAddress=0x13f819980, _StackSize=0x0, _ArgList=0x785ae0) returned 0x1cc [0129.795] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) Thread: id = 4 os_tid = 0xdb4 [0084.086] free (_Block=0x785ae0) [0084.086] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2800f690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2800f690*=0xb8) returned 1 [0084.087] VirtualQuery (in: lpAddress=0x2800f698, lpBuffer=0x2800f698, dwLength=0x30 | out: lpBuffer=0x2800f698*(BaseAddress=0x2800f000, AllocationBase=0x27e10000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.108] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0084.108] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc [0084.108] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc0 [0084.108] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0088.684] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0088.686] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0088.794] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0088.797] SetEvent (hEvent=0xa0) returned 1 [0088.797] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0089.123] SetEvent (hEvent=0xa0) returned 1 [0089.123] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0089.396] SetEvent (hEvent=0xa0) returned 1 [0089.396] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0089.723] SetEvent (hEvent=0xa0) returned 1 [0089.724] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0090.056] SetEvent (hEvent=0xa0) returned 1 [0090.056] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0090.381] SetEvent (hEvent=0xa0) returned 1 [0090.381] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0090.729] SetEvent (hEvent=0xa0) returned 1 [0090.730] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0091.051] SetEvent (hEvent=0xa0) returned 1 [0091.051] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0091.280] SetEvent (hEvent=0xa0) returned 1 [0091.280] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0091.608] SetEvent (hEvent=0xa0) returned 1 [0091.609] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0091.938] SetEvent (hEvent=0xa0) returned 1 [0091.938] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0092.150] SetEvent (hEvent=0xa0) returned 1 [0092.150] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0092.471] SetEvent (hEvent=0xa0) returned 1 [0092.471] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0092.715] SetEvent (hEvent=0xa0) returned 1 [0092.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0093.053] SetEvent (hEvent=0xa0) returned 1 [0093.053] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0093.299] SetEvent (hEvent=0xa0) returned 1 [0093.299] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0093.532] SetEvent (hEvent=0xa0) returned 1 [0093.532] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0093.865] SetEvent (hEvent=0xa0) returned 1 [0093.865] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0094.081] SetEvent (hEvent=0xa0) returned 1 [0094.081] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0094.508] SetEvent (hEvent=0xa0) returned 1 [0094.508] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0094.831] SetEvent (hEvent=0xa0) returned 1 [0094.831] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0095.173] SetEvent (hEvent=0xa0) returned 1 [0095.173] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0095.606] SetEvent (hEvent=0xa0) returned 1 [0095.606] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0096.025] SetEvent (hEvent=0xa0) returned 1 [0096.026] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0096.636] SetEvent (hEvent=0xa0) returned 1 [0096.636] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0096.858] SetEvent (hEvent=0xa0) returned 1 [0096.858] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0097.287] SetEvent (hEvent=0xa0) returned 1 [0097.287] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0097.618] SetEvent (hEvent=0xa0) returned 1 [0097.618] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0098.151] SetEvent (hEvent=0xa0) returned 1 [0098.151] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0098.432] SetEvent (hEvent=0xa0) returned 1 [0098.433] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0098.868] SetEvent (hEvent=0xa0) returned 1 [0098.868] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0099.200] SetEvent (hEvent=0xa0) returned 1 [0099.200] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0099.336] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0099.451] SetEvent (hEvent=0xa0) returned 1 [0099.451] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0099.676] SetEvent (hEvent=0xa0) returned 1 [0099.677] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0099.901] SetEvent (hEvent=0xa0) returned 1 [0099.901] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0100.187] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0100.992] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0101.953] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.059] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.170] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.291] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.609] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.777] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0102.778] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0103.388] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0103.510] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0103.624] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0103.788] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0103.943] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.081] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.198] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.341] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.453] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.566] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.739] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.852] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0104.964] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.106] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.252] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.359] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.475] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.582] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.796] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0105.913] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.063] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.178] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.299] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.510] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.628] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.765] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.872] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0106.978] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.092] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.196] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.303] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.411] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.517] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.623] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0107.731] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.016] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.142] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.254] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.365] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.473] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.582] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.689] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.827] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0108.934] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.041] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.163] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.269] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.378] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.489] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.607] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.840] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0109.950] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.072] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.186] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.304] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.412] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.556] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.673] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.800] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0110.906] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.013] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.132] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.243] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.351] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.456] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.568] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.682] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.809] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0111.917] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.029] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.153] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.263] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.372] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.480] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.590] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.703] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0112.980] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.102] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.222] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.323] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.432] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.540] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.647] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.753] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0113.946] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0114.052] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0114.175] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0114.695] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0115.542] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0115.843] SetEvent (hEvent=0xc8) returned 1 [0115.884] CloseHandle (hObject=0x18c) returned 1 [0115.986] GetProcAddress (hModule=0x77660000, lpProcName="CancelIoEx") returned 0x776ac9a0 [0115.986] CancelIoEx (hFile=0x198, lpOverlapped=0x0) returned 0 [0115.987] CloseHandle (hObject=0x198) returned 1 [0116.008] GetProcAddress (hModule=0x77660000, lpProcName="WaitForSingleObject") returned 0x77681520 [0116.008] WaitForSingleObject (hHandle=0x1ac, dwMilliseconds=0xffffffff) returned 0x0 [0119.797] GetProcAddress (hModule=0x77660000, lpProcName="GetExitCodeProcess") returned 0x77670750 [0119.797] GetExitCodeProcess (in: hProcess=0x1ac, lpExitCode=0xc00011f884 | out: lpExitCode=0xc00011f884*=0x0) returned 1 [0119.797] GetProcAddress (hModule=0x77660000, lpProcName="GetProcessTimes") returned 0x77663d10 [0119.797] GetProcessTimes (in: hProcess=0x1ac, lpCreationTime=0xc0000124e0, lpExitTime=0xc0000124e8, lpKernelTime=0xc0000124f0, lpUserTime=0xc0000124f8 | out: lpCreationTime=0xc0000124e0, lpExitTime=0xc0000124e8, lpKernelTime=0xc0000124f0, lpUserTime=0xc0000124f8) returned 1 [0119.798] CloseHandle (hObject=0x1ac) returned 1 [0119.879] CreateIoCompletionPort (FileHandle=0xffffffffffffffff, ExistingCompletionPort=0x0, CompletionKey=0x0, NumberOfConcurrentThreads=0xffffffff) returned 0x1ac [0119.879] SetEvent (hEvent=0xa0) returned 1 [0119.880] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0119.880] VirtualAlloc (lpAddress=0xc000062000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000062000 [0119.881] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc000062000, nSize=0x64 | out: lpBuffer="") returned 0x35 [0119.881] VirtualAlloc (lpAddress=0xc000064000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000064000 [0119.882] VirtualAlloc (lpAddress=0xc000066000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000066000 [0119.882] GetEnvironmentVariableW (in: lpName="NoDefaultCurrentDirectoryInExePath", lpBuffer=0xc0000620d0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0119.883] GetFileAttributesExW (in: lpFileName="wmic.com" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.883] CreateFileW (lpFileName="wmic.com" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.883] GetFileAttributesExW (in: lpFileName="wmic.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.883] CreateFileW (lpFileName="wmic.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.884] GetFileAttributesExW (in: lpFileName="wmic.bat" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.884] CreateFileW (lpFileName="wmic.bat" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.884] GetFileAttributesExW (in: lpFileName="wmic.cmd" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.884] CreateFileW (lpFileName="wmic.cmd" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.885] GetFileAttributesExW (in: lpFileName="wmic.vbs" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.885] CreateFileW (lpFileName="wmic.vbs" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.885] GetFileAttributesExW (in: lpFileName="wmic.vbe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.885] CreateFileW (lpFileName="wmic.vbe" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.885] GetFileAttributesExW (in: lpFileName="wmic.js" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.886] CreateFileW (lpFileName="wmic.js" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.886] GetFileAttributesExW (in: lpFileName="wmic.jse" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.886] CreateFileW (lpFileName="wmic.jse" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.886] GetFileAttributesExW (in: lpFileName="wmic.wsf" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.886] CreateFileW (lpFileName="wmic.wsf" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.887] GetFileAttributesExW (in: lpFileName="wmic.wsh" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.887] CreateFileW (lpFileName="wmic.wsh" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.887] GetFileAttributesExW (in: lpFileName="wmic.msc" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.887] CreateFileW (lpFileName="wmic.msc" (normalized: "c:\\users\\keecfmwgj\\desktop\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.888] GetEnvironmentVariableW (in: lpName="path", lpBuffer=0xc0000621a0, nSize=0x64 | out: lpBuffer="") returned 0xc9 [0119.888] VirtualAlloc (lpAddress=0xc000068000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000068000 [0119.888] GetEnvironmentVariableW (in: lpName="path", lpBuffer=0xc000068000, nSize=0xc9 | out: lpBuffer="") returned 0xc8 [0119.888] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0119.889] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0119.889] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.com" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.com" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.890] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.exe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.exe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.891] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.bat" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.bat" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.891] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.cmd" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.cmd" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.892] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbs" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbs" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.892] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.vbe" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.893] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.js" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.893] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.js" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.893] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.jse" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.894] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.jse" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.894] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsf" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.894] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsf" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.895] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsh" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.895] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.wsh" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.895] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.msc" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.895] CreateFileW (lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.msc" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.895] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.com" (normalized: "c:\\windows\\system32\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.896] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.com" (normalized: "c:\\windows\\system32\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.exe" (normalized: "c:\\windows\\system32\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.896] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.exe" (normalized: "c:\\windows\\system32\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.bat" (normalized: "c:\\windows\\system32\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.896] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.bat" (normalized: "c:\\windows\\system32\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.897] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.cmd" (normalized: "c:\\windows\\system32\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.897] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.cmd" (normalized: "c:\\windows\\system32\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.897] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.vbs" (normalized: "c:\\windows\\system32\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.897] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.vbs" (normalized: "c:\\windows\\system32\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.897] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.vbe" (normalized: "c:\\windows\\system32\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.898] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.vbe" (normalized: "c:\\windows\\system32\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.898] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.js" (normalized: "c:\\windows\\system32\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.902] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.js" (normalized: "c:\\windows\\system32\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.jse" (normalized: "c:\\windows\\system32\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.902] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.jse" (normalized: "c:\\windows\\system32\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.wsf" (normalized: "c:\\windows\\system32\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.902] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.wsf" (normalized: "c:\\windows\\system32\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.wsh" (normalized: "c:\\windows\\system32\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.903] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.wsh" (normalized: "c:\\windows\\system32\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\wmic.msc" (normalized: "c:\\windows\\system32\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.903] CreateFileW (lpFileName="C:\\Windows\\system32\\wmic.msc" (normalized: "c:\\windows\\system32\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.com" (normalized: "c:\\windows\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.904] CreateFileW (lpFileName="C:\\Windows\\wmic.com" (normalized: "c:\\windows\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.904] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.exe" (normalized: "c:\\windows\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.904] CreateFileW (lpFileName="C:\\Windows\\wmic.exe" (normalized: "c:\\windows\\wmic.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.904] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.bat" (normalized: "c:\\windows\\wmic.bat"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.904] CreateFileW (lpFileName="C:\\Windows\\wmic.bat" (normalized: "c:\\windows\\wmic.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.905] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.cmd" (normalized: "c:\\windows\\wmic.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.905] CreateFileW (lpFileName="C:\\Windows\\wmic.cmd" (normalized: "c:\\windows\\wmic.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.905] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.vbs" (normalized: "c:\\windows\\wmic.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.906] CreateFileW (lpFileName="C:\\Windows\\wmic.vbs" (normalized: "c:\\windows\\wmic.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.vbe" (normalized: "c:\\windows\\wmic.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.906] CreateFileW (lpFileName="C:\\Windows\\wmic.vbe" (normalized: "c:\\windows\\wmic.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.js" (normalized: "c:\\windows\\wmic.js"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.906] CreateFileW (lpFileName="C:\\Windows\\wmic.js" (normalized: "c:\\windows\\wmic.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.jse" (normalized: "c:\\windows\\wmic.jse"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.907] CreateFileW (lpFileName="C:\\Windows\\wmic.jse" (normalized: "c:\\windows\\wmic.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.wsf" (normalized: "c:\\windows\\wmic.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.907] CreateFileW (lpFileName="C:\\Windows\\wmic.wsf" (normalized: "c:\\windows\\wmic.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.wsh" (normalized: "c:\\windows\\wmic.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.908] CreateFileW (lpFileName="C:\\Windows\\wmic.wsh" (normalized: "c:\\windows\\wmic.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.908] GetFileAttributesExW (in: lpFileName="C:\\Windows\\wmic.msc" (normalized: "c:\\windows\\wmic.msc"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.908] CreateFileW (lpFileName="C:\\Windows\\wmic.msc" (normalized: "c:\\windows\\wmic.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.908] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.com" (normalized: "c:\\windows\\system32\\wbem\\wmic.com"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0119.909] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\wmic.com" (normalized: "c:\\windows\\system32\\wbem\\wmic.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0119.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f4e0 | out: lpFileInformation=0xc00011f4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5694022d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x5694022d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xfd50fc30, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x8a400)) returned 1 [0119.909] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc0000f7c70, nSize=0x64 | out: lpBuffer="") returned 0x35 [0119.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe"), fInfoLevelId=0x0, lpFileInformation=0xc00011f288 | out: lpFileInformation=0xc00011f288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5694022d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x5694022d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xfd50fc30, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x8a400)) returned 1 [0119.909] CreateFileW (lpFileName="NUL" (normalized: "\\device\\null"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000001, hTemplateFile=0x0) returned 0x194 [0119.910] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00011f6b4 | out: lpMode=0xc00011f6b4) returned 0 [0119.921] GetFileType (hFile=0x194) returned 0x2 [0119.921] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0119.922] CreatePipe (in: hReadPipe=0xc00011f708, hWritePipe=0xc00011f710, lpPipeAttributes=0xc00011f718, nSize=0x0 | out: hReadPipe=0xc00011f708*=0x19c, hWritePipe=0xc00011f710*=0x198) returned 1 [0119.922] GetEnvironmentStringsW () returned 0x4bdfc0* [0119.923] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0119.923] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0119.924] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0119.924] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0119.925] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0119.925] FreeEnvironmentStringsW (penv=0x4bdfc0) returned 1 [0119.926] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0119.926] RtlGetNtVersionNumbers () returned 0x778c5160 [0119.926] GetCurrentProcess () returned 0xffffffffffffffff [0119.927] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x194, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0000143d8, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0000143d8*=0x18c) returned 1 [0119.927] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x198, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0000143e0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0000143e0*=0x1a0) returned 1 [0119.927] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x198, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc0000143e8, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc0000143e8*=0x1a4) returned 1 [0119.927] InitializeProcThreadAttributeList (in: lpAttributeList=0x0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0xc00011f440 | out: lpAttributeList=0x0, lpSize=0xc00011f440) returned 0 [0119.927] InitializeProcThreadAttributeList (in: lpAttributeList=0xc00001a6e0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0xc00011f440 | out: lpAttributeList=0xc00001a6e0, lpSize=0xc00011f440) returned 1 [0119.927] UpdateProcThreadAttribute (in: lpAttributeList=0xc00001a6e0, dwFlags=0x0, Attribute=0x20002, lpValue=0xc0000143d8, cbSize=0x18, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc00001a6e0, lpPreviousValue=0x0) returned 1 [0119.927] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0119.928] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0119.930] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0119.930] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\wmic.exe", lpCommandLine="wmic path win32_VideoController get name", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80400, lpEnvironment=0xc000206000, lpCurrentDirectory=0x0, lpStartupInfo=0xc00011f660*(cb=0x70, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x18c, hStdOutput=0x1a0, hStdError=0x1a4), lpProcessInformation=0xc00011f540 | out: lpCommandLine="wmic path win32_VideoController get name", lpProcessInformation=0xc00011f540*(hProcess=0x1b4, hThread=0x1a8, dwProcessId=0xe0c, dwThreadId=0xe10)) returned 1 [0119.946] CloseHandle (hObject=0x1a8) returned 1 [0119.947] DeleteProcThreadAttributeList (in: lpAttributeList=0xc00001a6e0 | out: lpAttributeList=0xc00001a6e0) [0119.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1a4, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0119.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1a0, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0119.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x18c, hTargetProcessHandle=0x0, lpTargetHandle=0x0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x1 | out: lpTargetHandle=0x0) returned 1 [0119.948] SetEvent (hEvent=0xc8) returned 1 [0119.948] CloseHandle (hObject=0x194) returned 1 [0119.948] CancelIoEx (hFile=0x198, lpOverlapped=0x0) returned 0 [0119.948] CloseHandle (hObject=0x198) returned 1 [0119.948] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.408] GetExitCodeProcess (in: hProcess=0x1b4, lpExitCode=0xc00011f874 | out: lpExitCode=0xc00011f874*=0x0) returned 1 [0122.408] GetProcessTimes (in: hProcess=0x1b4, lpCreationTime=0xc0000127c0, lpExitTime=0xc0000127c8, lpKernelTime=0xc0000127d0, lpUserTime=0xc0000127d8 | out: lpCreationTime=0xc0000127c0, lpExitTime=0xc0000127c8, lpKernelTime=0xc0000127d0, lpUserTime=0xc0000127d8) returned 1 [0122.408] CloseHandle (hObject=0x1b4) returned 1 [0122.408] SetEvent (hEvent=0xa0) returned 1 [0122.409] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0x5, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 0 [0122.433] SetEvent (hEvent=0xa0) returned 1 [0122.433] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0122.454] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0122.455] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0122.477] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0122.477] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0122.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x1, phkResult=0xc00011fa98 | out: phkResult=0xc00011fa98*=0x1b4) returned 0x0 [0122.478] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0122.479] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0122.479] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0122.480] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0122.480] RegQueryValueExW (in: hKey=0x1b4, lpValueName="ProductName", lpReserved=0x0, lpType=0xc00011f9e4, lpData=0xc00011fa68, lpcbData=0xc00011f9e0*=0x40 | out: lpType=0xc00011f9e4*=0x1, lpData="Windows 7 Professional", lpcbData=0xc00011f9e0*=0x2e) returned 0x0 [0122.481] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0122.482] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0122.482] RegCloseKey (hKey=0x1b4) returned 0x0 [0122.586] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0122.654] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0122.823] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0122.888] VirtualAlloc (lpAddress=0xc000228000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000228000 [0122.933] VirtualAlloc (lpAddress=0xc00022a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022a000 [0122.977] VirtualAlloc (lpAddress=0xc00022c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022c000 [0123.124] VirtualAlloc (lpAddress=0xc00022e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022e000 [0123.124] GetEnvironmentVariableW (in: lpName="HTTP_PROXY", lpBuffer=0xc00022e000, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.124] GetEnvironmentVariableW (in: lpName="http_proxy", lpBuffer=0xc00022e0d0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.124] GetEnvironmentVariableW (in: lpName="HTTPS_PROXY", lpBuffer=0xc00022e1a0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.124] GetEnvironmentVariableW (in: lpName="https_proxy", lpBuffer=0xc00022e270, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.124] GetEnvironmentVariableW (in: lpName="NO_PROXY", lpBuffer=0xc00022e340, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.125] GetEnvironmentVariableW (in: lpName="no_proxy", lpBuffer=0xc00022e410, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.125] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0123.125] GetEnvironmentVariableW (in: lpName="REQUEST_METHOD", lpBuffer=0xc00022e4e0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0123.125] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0123.277] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0123.387] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0123.388] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0123.463] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0123.463] VirtualAlloc (lpAddress=0xc00023c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023c000 [0123.465] SetEvent (hEvent=0xa0) returned 1 [0123.571] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0123.593] SetEvent (hEvent=0xa0) returned 1 [0123.926] SetEvent (hEvent=0xc8) returned 1 [0124.042] SetEvent (hEvent=0xc8) returned 1 [0124.113] GetProcAddress (hModule=0x7feffa10000, lpProcName="GetAddrInfoW") returned 0x7feffa123c0 [0124.114] GetAddrInfoW (in: pNodeName="ipinfo.io", pServiceName=0x0, pHints=0xc000243f40*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xc000243e78 | out: ppResult=0xc000243e78*=0x1e76090*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1e760d0*(sa_family=2, sin_port=0x0, sin_addr="34.117.186.192"), ai_next=0x0)) returned 0 [0126.832] SetEvent (hEvent=0x138) returned 1 [0127.060] SetEvent (hEvent=0xc8) returned 1 [0127.060] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0127.272] GetProcAddress (hModule=0x7feffa10000, lpProcName="FreeAddrInfoW") returned 0x7feffa12640 [0127.314] FreeAddrInfoW (pAddrInfo=0x1e76090*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1e760d0*(sa_family=2, sin_port=0x0, sin_addr="34.117.186.192"), ai_next=0x0)) [0127.487] SetEvent (hEvent=0xc8) returned 1 [0127.714] SetEvent (hEvent=0xc8) returned 1 [0128.566] VirtualAlloc (lpAddress=0xc000246000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000246000 [0128.588] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x7feffa10000 [0128.588] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSASocketW") returned 0x7feffa11bd0 [0128.588] WSASocketW (af=2, type=1, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x81) returned 0x1c0 [0128.590] VirtualAlloc (lpAddress=0xc000248000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000248000 [0128.803] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x277f0000 [0128.804] CreateIoCompletionPort (FileHandle=0x1c0, ExistingCompletionPort=0x1ac, CompletionKey=0x0, NumberOfConcurrentThreads=0x0) returned 0x1ac [0128.825] SetFileCompletionNotificationModes (FileHandle=0x1c0, Flags=0x3) returned 1 [0128.928] GetProcAddress (hModule=0x7feffa10000, lpProcName="bind") returned 0x7feffa11f00 [0128.929] bind (s=0x1c0, addr=0xc00022004c*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0 [0128.930] SetEvent (hEvent=0xc8) returned 1 [0129.019] GetProcAddress (hModule=0x7feffa10000, lpProcName="socket") returned 0x7feffa1de90 [0129.020] socket (af=2, type=1, protocol=6) returned 0x1c8 [0129.041] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSAIoctl") returned 0x7feffa1d620 [0129.041] WSAIoctl (in: s=0x1c8, dwIoControlCode=0xc8000006, lpvInBuffer=0x13f82c170, cbInBuffer=0x10, lpvOutBuffer=0x13fc71fd0, cbOutBuffer=0x8, lpcbBytesReturned=0xc0000acc9c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x13fc71fd0, lpcbBytesReturned=0xc0000acc9c, lpOverlapped=0x0) returned 0 [0129.061] CloseHandle (hObject=0x1c8) returned 1 [0129.062] ConnectEx (in: s=0x1c0, name=0xc00022002c*(sa_family=2, sin_port=0x50, sin_addr="34.117.186.192"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x0, lpOverlapped=0xc0002480e8 | out: lpdwBytesSent=0x0) returned 0 [0129.117] GetProcAddress (hModule=0x7feffa10000, lpProcName="setsockopt") returned 0x7feffa1dd30 [0129.117] setsockopt (s=0x1c0, level=65535, optname=28688, optval="À\x01", optlen=8) returned 0 [0129.118] SetEvent (hEvent=0xb0) returned 1 [0129.119] GetProcAddress (hModule=0x7feffa10000, lpProcName="getsockname") returned 0x7feffa19480 [0129.119] getsockname (in: s=0x1c0, name=0xc0000acfac, namelen=0xc0000acfa8 | out: name=0xc0000acfac*(sa_family=2, sin_port=0xc00a, sin_addr="192.168.0.83"), namelen=0xc0000acfa8) returned 0 [0129.120] GetProcAddress (hModule=0x7feffa10000, lpProcName="getpeername") returned 0x7feffa3e450 [0129.120] getpeername (in: s=0x1c0, name=0xc0000acfac, namelen=0xc0000acfa8 | out: name=0xc0000acfac*(sa_family=2, sin_port=0x50, sin_addr="34.117.186.192"), namelen=0xc0000acfa8) returned 0 [0129.182] setsockopt (s=0x1c0, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0129.208] setsockopt (s=0x1c0, level=65535, optname=8, optval="\x01", optlen=4) returned 0 [0129.211] WSAIoctl (in: s=0x1c0, dwIoControlCode=0x98000004, lpvInBuffer=0xc0000ad1ec, cbInBuffer=0xc, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xc0000ad1d4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xc0000ad1d4, lpOverlapped=0x0) returned 0 [0129.314] VirtualAlloc (lpAddress=0xc00024a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024a000 [0129.314] SetEvent (hEvent=0xc8) returned 1 [0129.861] VirtualAlloc (lpAddress=0xc00024c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024c000 [0129.862] SetEvent (hEvent=0x1e0) returned 1 [0130.239] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0130.262] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0130.343] VirtualAlloc (lpAddress=0xc000252000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000252000 [0130.408] VirtualAlloc (lpAddress=0xc000254000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000254000 [0130.515] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSASend") returned 0x7feffa113b0 [0130.515] WSASend (in: s=0x1c0, lpBuffers=0xc000248128*=((len=0x5a, buf=0xc00024b000*)), dwBufferCount=0x1, lpNumberOfBytesSent=0xc000248118, dwFlags=0x0, lpOverlapped=0xc0002480e8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0xc000248118*=0x5a, lpOverlapped=0xc0002480e8) returned 0 [0130.516] SetEvent (hEvent=0x1e0) returned 1 [0130.516] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0131.471] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0131.585] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0xffffffff) returned 0x0 [0135.819] SwitchToThread () returned 1 [0135.870] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0x7512, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 1 [0136.140] WSAGetOverlappedResult (in: s=0x1e8, lpOverlapped=0xc0002bcfe8, lpcbTransfer=0x2800ed60, fWait=0, lpdwFlags=0x2800ed6c | out: lpcbTransfer=0x2800ed60, lpdwFlags=0x2800ed6c) returned 1 [0136.140] SetEvent (hEvent=0x138) returned 1 [0136.141] setsockopt (s=0x1e8, level=65535, optname=28688, optval="è\x01", optlen=8) returned 0 [0136.141] SetEvent (hEvent=0x1e0) returned 1 [0136.141] getsockname (in: s=0x1e8, name=0xc00028cfac, namelen=0xc00028cfa8 | out: name=0xc00028cfac*(sa_family=2, sin_port=0xc00b, sin_addr="192.168.0.83"), namelen=0xc00028cfa8) returned 0 [0136.142] getpeername (in: s=0x1e8, name=0xc00028cfac, namelen=0xc00028cfa8 | out: name=0xc00028cfac*(sa_family=2, sin_port=0x50, sin_addr="193.178.170.30"), namelen=0xc00028cfa8) returned 0 [0136.142] setsockopt (s=0x1e8, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0136.142] setsockopt (s=0x1e8, level=65535, optname=8, optval="\x01", optlen=4) returned 0 [0136.143] WSAIoctl (in: s=0x1e8, dwIoControlCode=0x98000004, lpvInBuffer=0xc00028d1ec, cbInBuffer=0xc, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xc00028d1d4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xc00028d1d4, lpOverlapped=0x0) returned 0 [0136.143] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0136.144] WSARecv (in: s=0x1e8, lpBuffers=0xc0002bcf58, dwBufferCount=0x1, lpNumberOfBytesRecvd=0xc0002bcf48, lpFlags=0xc0002bcfc8*=0x0, lpOverlapped=0xc0002bcf18, lpCompletionRoutine=0x0 | out: lpBuffers=0xc0002bcf58*=((len=0x1000, buf=0xc000192000*)), lpNumberOfBytesRecvd=0xc0002bcf48*=0x0, lpFlags=0xc0002bcfc8*=0x0, lpOverlapped=0xc0002bcf18) returned 0 [0136.187] WSASend (in: s=0x1e8, lpBuffers=0xc0002bd028*=((len=0x515, buf=0xc000193000*)), dwBufferCount=0x1, lpNumberOfBytesSent=0xc0002bd018, dwFlags=0x0, lpOverlapped=0xc0002bcfe8, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0xc0002bd018*=0x515, lpOverlapped=0xc0002bcfe8) returned 0 [0136.190] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 0 [0136.190] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0xffffffff, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 1 [0136.192] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 0 [0136.192] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x2800ed90, ulCount=0x10, ulNumEntriesRemoved=0x2800ed64, dwMilliseconds=0x15a9b, fAlertable=0 | out: lpCompletionPortEntries=0x2800ed90, ulNumEntriesRemoved=0x2800ed64) returned 1 [0136.401] WSAGetOverlappedResult (in: s=0x1e8, lpOverlapped=0xc0002bcf18, lpcbTransfer=0x2800ed60, fWait=0, lpdwFlags=0x2800ed6c | out: lpcbTransfer=0x2800ed60, lpdwFlags=0x2800ed6c) returned 1 [0136.401] SetEvent (hEvent=0x1e0) returned 1 [0136.402] SetEvent (hEvent=0x138) returned 1 [0136.402] WSARecv (in: s=0x1e8, lpBuffers=0xc0002bcf58, dwBufferCount=0x1, lpNumberOfBytesRecvd=0xc0002bcf48, lpFlags=0xc0002bcfc8*=0x0, lpOverlapped=0xc0002bcf18, lpCompletionRoutine=0x0 | out: lpBuffers=0xc0002bcf58*=((len=0x1000, buf=0xc000192000)), lpNumberOfBytesRecvd=0xc0002bcf48*=0x80, lpFlags=0xc0002bcfc8*=0x0, lpOverlapped=0xc0002bcf18) returned 0xffffffff [0136.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00029a708*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0xc00011f668, lpReserved=0x0 | out: lpBuffer=0xc00029a708*, lpNumberOfCharsWritten=0xc00011f668*=0xb) returned 1 [0136.405] GetProcAddress (hModule=0x77660000, lpProcName="DeleteFileW") returned 0x7766a230 [0136.405] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt")) returned 0 [0136.405] GetProcAddress (hModule=0x77660000, lpProcName="RemoveDirectoryW") returned 0x776ac180 [0136.405] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt")) returned 0 [0136.406] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002fa680*, nNumberOfCharsToWrite=0x66, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002fa680*, lpNumberOfCharsWritten=0xc00011f5f8*=0x66) returned 1 [0136.410] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt")) returned 0 [0136.410] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\passwords.txt")) returned 0 [0136.410] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt")) returned 0 [0136.410] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt")) returned 0 [0136.410] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.411] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002fa8f0*, nNumberOfCharsToWrite=0x66, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002fa8f0*, lpNumberOfCharsWritten=0xc00011f5f8*=0x66) returned 1 [0136.412] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt")) returned 0 [0136.412] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\bookmarks.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\bookmarks.txt")) returned 0 [0136.412] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt")) returned 0 [0136.412] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt")) returned 0 [0136.412] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002faa90*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002faa90*, lpNumberOfCharsWritten=0xc00011f5f8*=0x62) returned 1 [0136.413] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt")) returned 0 [0136.414] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\cards.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cards.txt")) returned 0 [0136.414] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt")) returned 0 [0136.414] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt")) returned 0 [0136.414] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.414] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002fac30*, nNumberOfCharsToWrite=0x66, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002fac30*, lpNumberOfCharsWritten=0xc00011f5f8*=0x66) returned 1 [0136.415] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt")) returned 0 [0136.415] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\autofills.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\autofills.txt")) returned 0 [0136.416] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt")) returned 0 [0136.416] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt")) returned 0 [0136.416] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.416] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002d2540*, nNumberOfCharsToWrite=0x6d, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002d2540*, lpNumberOfCharsWritten=0xc00011f5f8*=0x6d) returned 1 [0136.417] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt")) returned 0 [0136.417] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\exodus-passwords.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\exodus-passwords.txt")) returned 0 [0136.418] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\system.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\system.txt")) returned 1 [0136.457] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies")) returned 0 [0136.457] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\cookies")) returned 1 [0136.459] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt")) returned 0 [0136.459] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt")) returned 0 [0136.459] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x409, lpBuffer=0xc00011f540, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0136.459] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002d2700*, nNumberOfCharsToWrite=0x6b, lpNumberOfCharsWritten=0xc00011f5f8, lpReserved=0x0 | out: lpBuffer=0xc0002d2700*, lpNumberOfCharsWritten=0xc00011f5f8*=0x6b) returned 1 [0136.467] DeleteFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt")) returned 0 [0136.467] RemoveDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\discord-tokens.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\discord-tokens.txt")) returned 0 [0136.493] RtlExitUserProcess (ExitCode=0x0) [0136.575] RtlRemoveVectoredExceptionHandler () returned 0x1 Thread: id = 5 os_tid = 0xdb8 [0084.160] free (_Block=0x785b00) [0084.160] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2836f8f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2836f8f0*=0xc4) returned 1 [0084.160] VirtualQuery (in: lpAddress=0x2836f8f8, lpBuffer=0x2836f8f8, dwLength=0x30 | out: lpBuffer=0x2836f8f8*(BaseAddress=0x2836f000, AllocationBase=0x28170000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.160] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc8 [0084.160] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0084.160] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0084.322] SetEvent (hEvent=0xa0) returned 1 [0084.322] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0084.643] SetEvent (hEvent=0xa0) returned 1 [0084.643] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0084.958] SetEvent (hEvent=0xa0) returned 1 [0084.958] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0085.285] SetEvent (hEvent=0xa0) returned 1 [0085.285] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0085.498] SetEvent (hEvent=0xa0) returned 1 [0085.498] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0085.806] SetEvent (hEvent=0xa0) returned 1 [0085.806] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0086.150] SetEvent (hEvent=0xa0) returned 1 [0086.150] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0086.468] SetEvent (hEvent=0xa0) returned 1 [0086.468] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0086.703] SetEvent (hEvent=0xa0) returned 1 [0086.703] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0087.020] SetEvent (hEvent=0xa0) returned 1 [0087.020] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0087.258] SetEvent (hEvent=0xa0) returned 1 [0087.258] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0087.636] SetEvent (hEvent=0xa0) returned 1 [0087.636] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0088.001] SetEvent (hEvent=0xa0) returned 1 [0088.001] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0088.239] SetEvent (hEvent=0xa0) returned 1 [0088.239] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0088.548] SetEvent (hEvent=0xa0) returned 1 [0088.548] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0088.678] SwitchToThread () returned 1 [0088.682] SetEvent (hEvent=0xbc) returned 1 [0088.683] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0115.986] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0116.221] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0119.399] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0119.985] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0120.025] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0122.149] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0123.976] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0124.086] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0127.081] SetEvent (hEvent=0xbc) returned 1 [0127.081] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0127.608] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0127.818] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0128.976] SwitchToThread () returned 1 [0128.976] SetEvent (hEvent=0xb0) returned 1 [0128.977] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0129.207] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0129.417] SetEvent (hEvent=0xb0) returned 1 [0129.769] GetProcAddress (hModule=0x7feffa10000, lpProcName="WSARecv") returned 0x7feffa12200 [0129.769] WSARecv (in: s=0x1c0, lpBuffers=0xc000248058, dwBufferCount=0x1, lpNumberOfBytesRecvd=0xc000248048, lpFlags=0xc0002480c8*=0x0, lpOverlapped=0xc000248018, lpCompletionRoutine=0x0 | out: lpBuffers=0xc000248058*=((len=0x1000, buf=0xc00024a000*)), lpNumberOfBytesRecvd=0xc000248048*=0x0, lpFlags=0xc0002480c8*=0x0, lpOverlapped=0xc000248018) returned 0 [0129.773] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0xdbc [0084.299] free (_Block=0x785ae0) [0084.299] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2862fab0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2862fab0*=0xdc) returned 1 [0084.299] VirtualQuery (in: lpAddress=0x2862fab8, lpBuffer=0x2862fab8, dwLength=0x30 | out: lpBuffer=0x2862fab8*(BaseAddress=0x2862f000, AllocationBase=0x28430000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0084.299] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe0 [0084.299] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe4 [0084.299] WaitForSingleObject (hHandle=0xe0, dwMilliseconds=0xffffffff) Thread: id = 7 os_tid = 0xdc0 Thread: id = 8 os_tid = 0xde8 Thread: id = 86 os_tid = 0xe30 [0129.838] free (_Block=0x785ae0) [0129.839] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x293dfa50, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x293dfa50*=0x1dc) returned 1 [0129.839] VirtualQuery (in: lpAddress=0x293dfa58, lpBuffer=0x293dfa58, dwLength=0x30 | out: lpBuffer=0x293dfa58*(BaseAddress=0x293df000, AllocationBase=0x291e0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0129.839] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e0 [0129.839] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0129.839] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0129.946] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0130.517] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0131.363] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 0 [0131.363] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0xffffffff, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 1 [0131.585] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 0 [0131.585] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x15f70, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 1 [0135.820] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 0 [0135.820] SwitchToThread () returned 1 [0135.870] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0136.089] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0136.191] PostQueuedCompletionStatus (CompletionPort=0x1ac, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0136.191] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0136.403] GetQueuedCompletionStatusEx (in: CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x293df160, ulNumEntriesRemoved=0x293df134) returned 0 [0136.404] GetQueuedCompletionStatusEx (CompletionPort=0x1ac, lpCompletionPortEntries=0x293df160, ulCount=0x10, ulNumEntriesRemoved=0x293df134, dwMilliseconds=0x159cf, fAlertable=0) Process: id = "2" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x42fd8000" os_pid = "0xdec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xd74" cmd_line = "wmic cpu get name" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0ba" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1132 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1133 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1134 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1135 start_va = 0x130000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1136 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1137 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1138 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1139 start_va = 0xff9f0000 end_va = 0xffa7cfff monitored = 1 entry_point = 0xffa3cc30 region_type = mapped_file name = "wmic.exe" filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe") Region: id = 1140 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1141 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1142 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1143 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1144 start_va = 0x1b0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1145 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1146 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1147 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1148 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1149 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1150 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1151 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1152 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1153 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1154 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1155 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1156 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1157 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1158 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1159 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1160 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1161 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1162 start_va = 0x7fef4dc0000 end_va = 0x7fef4e02fff monitored = 0 entry_point = 0x7fef4de1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1163 start_va = 0x7fefd690000 end_va = 0x7fefd6b4fff monitored = 0 entry_point = 0x7fefd699658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1164 start_va = 0x7feff630000 end_va = 0x7feff6a0fff monitored = 0 entry_point = 0x7feff641e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1165 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1166 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1167 start_va = 0x7fefd660000 end_va = 0x7fefd66afff monitored = 0 entry_point = 0x7fefd661030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1168 start_va = 0x7fefb2c0000 end_va = 0x7fefb2e6fff monitored = 0 entry_point = 0x7fefb2c98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1169 start_va = 0x7fefb2b0000 end_va = 0x7fefb2bafff monitored = 0 entry_point = 0x7fefb2b1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1170 start_va = 0x3f0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1171 start_va = 0x1b0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1172 start_va = 0x2f0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1173 start_va = 0x3f0000 end_va = 0x577fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1174 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1175 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1176 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1177 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1178 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1179 start_va = 0x5b0000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1180 start_va = 0x740000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1181 start_va = 0xc0000 end_va = 0xcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmic.exe.mui" filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui") Region: id = 1182 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1183 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1184 start_va = 0x1b40000 end_va = 0x1bbcfff monitored = 0 entry_point = 0x1b4cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1185 start_va = 0x1b40000 end_va = 0x1bbcfff monitored = 0 entry_point = 0x1b4cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1186 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1187 start_va = 0x1bc0000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 1188 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1189 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1190 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1191 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1192 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1193 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 0 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1194 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1195 start_va = 0x1c40000 end_va = 0x1f0efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1196 start_va = 0x7fef3f70000 end_va = 0x7fef4143fff monitored = 0 entry_point = 0x7fef3fa6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1197 start_va = 0x1f10000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1198 start_va = 0x1fe0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1199 start_va = 0x20b0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 1200 start_va = 0x21b0000 end_va = 0x240ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 1201 start_va = 0x21b0000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 1202 start_va = 0x2390000 end_va = 0x240ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 1203 start_va = 0x2410000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 1204 start_va = 0x2600000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1205 start_va = 0x2250000 end_va = 0x230ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1206 start_va = 0x2820000 end_va = 0x2c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 1207 start_va = 0x110000 end_va = 0x110fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1208 start_va = 0x2b0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1209 start_va = 0x7fefdba0000 end_va = 0x7fefdd17fff monitored = 0 entry_point = 0x7fefdba10e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1210 start_va = 0x7fefdd20000 end_va = 0x7fefde49fff monitored = 0 entry_point = 0x7fefdd210d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1211 start_va = 0x7feff170000 end_va = 0x7feff3c8fff monitored = 0 entry_point = 0x7feff171340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1212 start_va = 0x7fefda30000 end_va = 0x7fefdb9cfff monitored = 0 entry_point = 0x7fefda310b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1213 start_va = 0x7fefd870000 end_va = 0x7fefd87efff monitored = 0 entry_point = 0x7fefd871020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1214 start_va = 0x120000 end_va = 0x121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1215 start_va = 0x7fefc300000 end_va = 0x7fefc4f3fff monitored = 0 entry_point = 0x7fefc48c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1216 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1217 start_va = 0x2e0000 end_va = 0x2e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 1218 start_va = 0x7fefe1f0000 end_va = 0x7fefef77fff monitored = 0 entry_point = 0x7fefe26cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1219 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1220 start_va = 0x7fefd7d0000 end_va = 0x7fefd7defff monitored = 0 entry_point = 0x7fefd7d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1221 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1222 start_va = 0x590000 end_va = 0x597fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1223 start_va = 0x1b40000 end_va = 0x1b4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1224 start_va = 0x7fefcee0000 end_va = 0x7fefcf3afff monitored = 0 entry_point = 0x7fefcee6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1225 start_va = 0x2410000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 1226 start_va = 0x2580000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 1227 start_va = 0x7fefc120000 end_va = 0x7fefc175fff monitored = 0 entry_point = 0x7fefc12bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1228 start_va = 0x2c20000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 1229 start_va = 0x2600000 end_va = 0x26defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 1230 start_va = 0x27a0000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 1231 start_va = 0x20b0000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 1232 start_va = 0x2130000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1233 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1234 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1235 start_va = 0x1b50000 end_va = 0x1b94fff monitored = 0 entry_point = 0x1b51064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1236 start_va = 0x1b50000 end_va = 0x1b94fff monitored = 0 entry_point = 0x1b51064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1237 start_va = 0x1b50000 end_va = 0x1b94fff monitored = 0 entry_point = 0x1b51064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1238 start_va = 0x1b50000 end_va = 0x1b94fff monitored = 0 entry_point = 0x1b51064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1239 start_va = 0x1b50000 end_va = 0x1b94fff monitored = 0 entry_point = 0x1b51064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1240 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1241 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1242 start_va = 0x2e10000 end_va = 0x2e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1243 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1244 start_va = 0x2710000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 1245 start_va = 0x2e90000 end_va = 0x2f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 1246 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1247 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1248 start_va = 0x7fef3120000 end_va = 0x7fef3132fff monitored = 0 entry_point = 0x7fef3127b68 region_type = mapped_file name = "msoxmlmf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll") Region: id = 1249 start_va = 0x7fef8c20000 end_va = 0x7fef8c38fff monitored = 0 entry_point = 0x7fef8c2ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 1250 start_va = 0x7fef8c10000 end_va = 0x7fef8c13fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 1251 start_va = 0x7fef8b10000 end_va = 0x7fef8c01fff monitored = 0 entry_point = 0x7fef8b19060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1252 start_va = 0x7fef8b00000 end_va = 0x7fef8b02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 1253 start_va = 0x7fef8af0000 end_va = 0x7fef8af2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 1254 start_va = 0x7fef8ae0000 end_va = 0x7fef8ae2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 1255 start_va = 0x7fef9260000 end_va = 0x7fef9262fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1256 start_va = 0x7fef8ad0000 end_va = 0x7fef8ad2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 1257 start_va = 0x7fef8ac0000 end_va = 0x7fef8ac2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 1258 start_va = 0x7fef8ab0000 end_va = 0x7fef8ab2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 1259 start_va = 0x7fef8aa0000 end_va = 0x7fef8aa3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 1260 start_va = 0x7fef8a90000 end_va = 0x7fef8a93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 1261 start_va = 0x7fef8a80000 end_va = 0x7fef8a83fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 1262 start_va = 0x1b50000 end_va = 0x1b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b50000" filename = "" Region: id = 1263 start_va = 0x1b60000 end_va = 0x1b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 1633 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1634 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1635 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1636 start_va = 0x1b70000 end_va = 0x1b7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b70000" filename = "" Region: id = 1744 start_va = 0x7fef7300000 end_va = 0x7fef7316fff monitored = 0 entry_point = 0x7fef730eba0 region_type = mapped_file name = "wmi2xml.dll" filename = "\\Windows\\System32\\wbem\\xml\\wmi2xml.dll" (normalized: "c:\\windows\\system32\\wbem\\xml\\wmi2xml.dll") Region: id = 1745 start_va = 0x2c20000 end_va = 0x2d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 1746 start_va = 0x2d80000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 1747 start_va = 0x7fef4b40000 end_va = 0x7fef4bd9fff monitored = 1 entry_point = 0x7fef4b4e1b8 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll") Region: id = 1748 start_va = 0x1b70000 end_va = 0x1b8afff monitored = 0 entry_point = 0x1ba6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1749 start_va = 0x7fefd6d0000 end_va = 0x7fefd760fff monitored = 0 entry_point = 0x7fefd6d1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1750 start_va = 0x1b90000 end_va = 0x1b93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1751 start_va = 0x2f10000 end_va = 0x351cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Thread: id = 9 os_tid = 0xdf0 [0116.053] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af910 | out: lpSystemTimeAsFileTime=0x1af910*(dwLowDateTime=0x948cea40, dwHighDateTime=0x1da5d2f)) [0116.053] GetCurrentProcessId () returned 0xdec [0116.053] GetCurrentThreadId () returned 0xdf0 [0116.053] GetTickCount () returned 0x14dbd6b [0116.053] QueryPerformanceCounter (in: lpPerformanceCount=0x1af918 | out: lpPerformanceCount=0x1af918*=2201684799030) returned 1 [0116.054] GetModuleHandleW (lpModuleName=0x0) returned 0xff9f0000 [0116.054] __set_app_type (_Type=0x1) [0116.054] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffa3ced0) returned 0x0 [0116.055] __wgetmainargs (in: _Argc=0xffa62380, _Argv=0xffa62390, _Env=0xffa62388, _DoWildCard=0, _StartInfo=0xffa6239c | out: _Argc=0xffa62380, _Argv=0xffa62390, _Env=0xffa62388) returned 0 [0116.056] ??0CHString@@QEAA@XZ () returned 0xffa62ab0 [0116.057] malloc (_Size=0x30) returned 0x1bdf90 [0116.057] malloc (_Size=0x70) returned 0x5a7a60 [0116.058] malloc (_Size=0x50) returned 0x5a5ae0 [0116.058] malloc (_Size=0x30) returned 0x5a7ae0 [0116.058] malloc (_Size=0x48) returned 0x5a7b20 [0116.058] malloc (_Size=0x30) returned 0x5a7b70 [0116.058] malloc (_Size=0x30) returned 0x5a7bb0 [0116.058] ??0CHString@@QEAA@XZ () returned 0xffa62f58 [0116.058] malloc (_Size=0x30) returned 0x5a7bf0 [0116.058] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0116.059] SetConsoleCtrlHandler (HandlerRoutine=0xffa35724, Add=1) returned 1 [0116.059] _onexit (_Func=0xffa4f378) returned 0xffa4f378 [0116.059] _onexit (_Func=0xffa4f490) returned 0xffa4f490 [0116.060] _onexit (_Func=0xffa4f4d0) returned 0xffa4f4d0 [0116.061] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.061] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0116.121] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0116.211] CoCreateInstance (in: rclsid=0xff9f73a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff9f7370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xffa62940 | out: ppv=0xffa62940*=0x31cba0) returned 0x0 [0116.289] GetCurrentProcess () returned 0xffffffffffffffff [0116.289] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1af6e0 | out: TokenHandle=0x1af6e0*=0x104) returned 1 [0116.289] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1af6d8 | out: TokenInformation=0x0, ReturnLength=0x1af6d8) returned 0 [0116.290] malloc (_Size=0x118) returned 0x5a62b0 [0116.290] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x5a62b0, TokenInformationLength=0x118, ReturnLength=0x1af6d8 | out: TokenInformation=0x5a62b0, ReturnLength=0x1af6d8) returned 1 [0116.290] AdjustTokenPrivileges (in: TokenHandle=0x104, DisableAllPrivileges=0, NewState=0x5a62b0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-1238055921, Attributes=0x84fa), (Luid.LowPart=0x0, Luid.HighPart=5930848, Attributes=0x0), (Luid.LowPart=0x610072, Luid.HighPart=2097261, Attributes=0x690046), (Luid.LowPart=0x200073, Luid.HighPart=7864360, Attributes=0x360038), (Luid.LowPart=0x6f0043, Luid.HighPart=7143533, Attributes=0x6e006f), (Luid.LowPart=0x6c0069, Luid.HighPart=7536741, Attributes=0x430000))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0116.291] free (_Block=0x5a62b0) [0116.291] CloseHandle (hObject=0x104) returned 1 [0116.291] malloc (_Size=0x40) returned 0x5a7f60 [0116.291] malloc (_Size=0x40) returned 0x5a62b0 [0116.292] malloc (_Size=0x40) returned 0x5a6300 [0116.292] malloc (_Size=0x20a) returned 0x5a6350 [0116.292] GetSystemDirectoryW (in: lpBuffer=0x5a6350, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.292] free (_Block=0x5a6350) [0116.292] malloc (_Size=0x18) returned 0x5a7fb0 [0116.293] malloc (_Size=0x18) returned 0x5a6350 [0116.293] malloc (_Size=0x18) returned 0x5a6370 [0116.293] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0116.293] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0116.293] memcpy (in: _Dst=0x324208, _Src=0x321378, _Size=0x28 | out: _Dst=0x324208) returned 0x324208 [0116.293] memcpy (in: _Dst=0x32422e, _Src=0x3213b8, _Size=0x1c | out: _Dst=0x32422e) returned 0x32422e [0116.294] free (_Block=0x5a7fb0) [0116.294] free (_Block=0x5a6350) [0116.294] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77660000 [0116.294] GetProcAddress (hModule=0x77660000, lpProcName="SetThreadUILanguage") returned 0x776761e0 [0116.294] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0116.295] FreeLibrary (hLibModule=0x77660000) returned 1 [0116.295] free (_Block=0x5a6370) [0116.295] _vsnwprintf (in: _Buffer=0x5a6300, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x1af308 | out: _Buffer="ms_409") returned 6 [0116.295] malloc (_Size=0x20) returned 0x5a6350 [0116.295] GetComputerNameW (in: lpBuffer=0x5a6350, nSize=0x1af6e0 | out: lpBuffer="Q9IATRKPRH", nSize=0x1af6e0) returned 1 [0116.297] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.297] malloc (_Size=0x16) returned 0x5a7fb0 [0116.297] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.297] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x1af6d8 | out: lpNameBuffer=0x0, nSize=0x1af6d8) returned 0x7fffffde000 [0116.300] GetLastError () returned 0xea [0116.301] malloc (_Size=0x2c) returned 0x5a6380 [0116.301] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5a6380, nSize=0x1af6d8 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x1af6d8) returned 0x1 [0116.301] lstrlenW (lpString="") returned 0 [0116.302] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.302] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0116.309] lstrlenW (lpString=".") returned 1 [0116.309] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.309] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2=".", cchCount2=1) returned 3 [0116.309] lstrlenW (lpString="LOCALHOST") returned 9 [0116.309] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.309] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="LOCALHOST", cchCount2=9) returned 3 [0116.309] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.309] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.309] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="Q9IATRKPRH", cchCount2=10) returned 2 [0116.309] free (_Block=0x5a7fb0) [0116.310] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.310] malloc (_Size=0x16) returned 0x5a7fb0 [0116.310] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.310] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.310] malloc (_Size=0x16) returned 0x5a63c0 [0116.310] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0116.310] malloc (_Size=0x8) returned 0x5a63e0 [0116.311] malloc (_Size=0x18) returned 0x5a6400 [0116.311] malloc (_Size=0x30) returned 0x5a6420 [0116.311] malloc (_Size=0x18) returned 0x5a6460 [0116.311] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.311] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.311] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.311] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.311] malloc (_Size=0x30) returned 0x5a6480 [0116.312] malloc (_Size=0x18) returned 0x5a64c0 [0116.312] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.312] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.312] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.312] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.312] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.312] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.312] malloc (_Size=0x30) returned 0x5a64e0 [0116.312] malloc (_Size=0x18) returned 0x5a6520 [0116.312] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.312] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.312] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.313] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.313] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.313] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.313] malloc (_Size=0x30) returned 0x5a6540 [0116.313] malloc (_Size=0x18) returned 0x5a6580 [0116.313] malloc (_Size=0x30) returned 0x5a65a0 [0116.313] malloc (_Size=0x18) returned 0x5a65e0 [0116.313] SysStringLen (param_1="NONE") returned 0x4 [0116.313] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.313] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.314] SysStringLen (param_1="NONE") returned 0x4 [0116.314] malloc (_Size=0x30) returned 0x5a6600 [0116.314] malloc (_Size=0x18) returned 0x5a6640 [0116.314] SysStringLen (param_1="CONNECT") returned 0x7 [0116.314] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.314] malloc (_Size=0x30) returned 0x5a6660 [0116.314] malloc (_Size=0x18) returned 0x5a66a0 [0116.314] SysStringLen (param_1="CALL") returned 0x4 [0116.314] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.314] SysStringLen (param_1="CALL") returned 0x4 [0116.314] SysStringLen (param_1="CONNECT") returned 0x7 [0116.314] malloc (_Size=0x30) returned 0x5a66c0 [0116.315] malloc (_Size=0x18) returned 0x5a6700 [0116.315] SysStringLen (param_1="PKT") returned 0x3 [0116.315] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.315] SysStringLen (param_1="PKT") returned 0x3 [0116.315] SysStringLen (param_1="NONE") returned 0x4 [0116.315] SysStringLen (param_1="NONE") returned 0x4 [0116.315] SysStringLen (param_1="PKT") returned 0x3 [0116.315] malloc (_Size=0x30) returned 0x5a8000 [0116.316] malloc (_Size=0x18) returned 0x5a6b20 [0116.316] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.316] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.316] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.316] SysStringLen (param_1="NONE") returned 0x4 [0116.319] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.319] SysStringLen (param_1="PKT") returned 0x3 [0116.320] SysStringLen (param_1="PKT") returned 0x3 [0116.320] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.320] malloc (_Size=0x30) returned 0x5a8040 [0116.320] malloc (_Size=0x18) returned 0x5a6b40 [0116.320] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.320] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.320] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.320] SysStringLen (param_1="PKT") returned 0x3 [0116.320] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.320] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.320] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.320] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.320] malloc (_Size=0x30) returned 0x5a8080 [0116.320] malloc (_Size=0x40) returned 0x5a6b60 [0116.321] malloc (_Size=0x20a) returned 0x5a6bb0 [0116.321] GetSystemDirectoryW (in: lpBuffer=0x5a6bb0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.321] free (_Block=0x5a6bb0) [0116.321] malloc (_Size=0x18) returned 0x5a6bb0 [0116.322] malloc (_Size=0x18) returned 0x5a6bd0 [0116.322] malloc (_Size=0x18) returned 0x5a6bf0 [0116.322] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0116.322] SysStringLen (param_1="\\wbem\\") returned 0x6 [0116.322] memcpy (in: _Dst=0x3066b8, _Src=0x3213b8, _Size=0x28 | out: _Dst=0x3066b8) returned 0x3066b8 [0116.322] memcpy (in: _Dst=0x3066de, _Src=0x320a28, _Size=0xe | out: _Dst=0x3066de) returned 0x3066de [0116.322] free (_Block=0x5a6bb0) [0116.322] free (_Block=0x5a6bd0) [0116.322] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0116.323] free (_Block=0x5a6bf0) [0116.323] malloc (_Size=0x18) returned 0x5a6bb0 [0116.323] malloc (_Size=0x18) returned 0x5a6bd0 [0116.323] malloc (_Size=0x18) returned 0x5a6bf0 [0116.323] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0116.323] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0116.323] memcpy (in: _Dst=0x324888, _Src=0x306708, _Size=0x34 | out: _Dst=0x324888) returned 0x324888 [0116.323] memcpy (in: _Dst=0x3248ba, _Src=0x3213b8, _Size=0x22 | out: _Dst=0x3248ba) returned 0x3248ba [0116.323] free (_Block=0x5a6bb0) [0116.323] free (_Block=0x5a6bd0) [0116.324] GetCurrentThreadId () returned 0xdf0 [0116.324] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1aefe0 | out: phkResult=0x1aefe0*=0x108) returned 0x0 [0116.324] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x1af030, lpcbData=0x1aefd0*=0x400 | out: lpType=0x0, lpData=0x1af030*=0x30, lpcbData=0x1aefd0*=0x4) returned 0x0 [0116.324] _wcsicmp (_String1="0", _String2="1") returned -1 [0116.324] _wcsicmp (_String1="0", _String2="2") returned -2 [0116.324] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x1aefd0*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x1aefd0*=0x42) returned 0x0 [0116.325] malloc (_Size=0x86) returned 0x5a6c10 [0116.325] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x5a6c10, lpcbData=0x1aefd0*=0x42 | out: lpType=0x0, lpData=0x5a6c10*=0x25, lpcbData=0x1aefd0*=0x42) returned 0x0 [0116.325] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0116.325] malloc (_Size=0x42) returned 0x5a6ca0 [0116.325] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0116.325] RegQueryValueExW (in: hKey=0x108, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x1af030, lpcbData=0x1aefd0*=0x400 | out: lpType=0x0, lpData=0x1af030*=0x36, lpcbData=0x1aefd0*=0xc) returned 0x0 [0116.325] _wtol (_String="65536") returned 65536 [0116.326] free (_Block=0x5a6c10) [0116.326] RegCloseKey (hKey=0x0) returned 0x6 [0116.326] CoCreateInstance (in: rclsid=0xff9f7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff9f73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1af4d8 | out: ppv=0x1af4d8*=0x1f671d0) returned 0x0 [0116.404] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x1f671d0, xmlSource=0x1af620*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x5a6bb0), isSuccessful=0x1af690 | out: isSuccessful=0x1af690*=0xffff) returned 0x0 [0117.616] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x1f671d0, DOMElement=0x1af4d0 | out: DOMElement=0x1af4d0*=0x1f6bc50) returned 0x0 [0117.616] malloc (_Size=0x18) returned 0x5a6bb0 [0117.617] IXMLDOMElement:getElementsByTagName (in: This=0x1f6bc50, tagName="XSLFORMAT", resultList=0x1af4e0 | out: resultList=0x1af4e0*=0x1f69cc0) returned 0x0 [0117.619] free (_Block=0x5a6bb0) [0117.619] IXMLDOMNodeList:get_length (in: This=0x1f69cc0, listLength=0x1af6a8 | out: listLength=0x1af6a8*=21) returned 0x0 [0117.619] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=0, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.620] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.620] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.620] malloc (_Size=0x18) returned 0x5a6bb0 [0117.620] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.620] free (_Block=0x5a6bb0) [0117.621] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x4)) returned 0x0 [0117.621] malloc (_Size=0x18) returned 0x5a6bb0 [0117.621] malloc (_Size=0x18) returned 0x5a6bd0 [0117.621] malloc (_Size=0x30) returned 0x5a80c0 [0117.622] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.622] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.622] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.622] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=1, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.622] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="textvaluelist.xsl") returned 0x0 [0117.622] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.622] malloc (_Size=0x18) returned 0x5a6c10 [0117.622] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.622] free (_Block=0x5a6c10) [0117.623] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x4)) returned 0x0 [0117.623] malloc (_Size=0x18) returned 0x5ac380 [0117.623] malloc (_Size=0x18) returned 0x5ac3a0 [0117.623] SysStringLen (param_1="VALUE") returned 0x5 [0117.623] SysStringLen (param_1="TABLE") returned 0x5 [0117.623] SysStringLen (param_1="TABLE") returned 0x5 [0117.623] SysStringLen (param_1="VALUE") returned 0x5 [0117.623] malloc (_Size=0x30) returned 0x5a8100 [0117.624] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.624] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.624] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.624] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=2, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.624] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="textvaluelist.xsl") returned 0x0 [0117.624] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.624] malloc (_Size=0x18) returned 0x5ac3c0 [0117.624] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.624] free (_Block=0x5ac3c0) [0117.625] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x4)) returned 0x0 [0117.625] malloc (_Size=0x18) returned 0x5ac3c0 [0117.625] malloc (_Size=0x18) returned 0x5ac3e0 [0117.625] SysStringLen (param_1="LIST") returned 0x4 [0117.625] SysStringLen (param_1="TABLE") returned 0x5 [0117.625] malloc (_Size=0x30) returned 0x5a8140 [0117.625] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.625] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.626] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.626] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=3, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.626] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="rawxml.xsl") returned 0x0 [0117.626] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.626] malloc (_Size=0x18) returned 0x5ac400 [0117.626] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.626] free (_Block=0x5ac400) [0117.627] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x4)) returned 0x0 [0117.627] malloc (_Size=0x18) returned 0x5ac400 [0117.627] malloc (_Size=0x18) returned 0x5ac420 [0117.627] SysStringLen (param_1="RAWXML") returned 0x6 [0117.627] SysStringLen (param_1="TABLE") returned 0x5 [0117.627] SysStringLen (param_1="RAWXML") returned 0x6 [0117.627] SysStringLen (param_1="LIST") returned 0x4 [0117.627] SysStringLen (param_1="LIST") returned 0x4 [0117.627] SysStringLen (param_1="RAWXML") returned 0x6 [0117.628] malloc (_Size=0x30) returned 0x5a8180 [0117.628] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.628] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.628] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.628] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=4, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.628] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="htable.xsl") returned 0x0 [0117.628] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.628] malloc (_Size=0x18) returned 0x5ac440 [0117.628] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.629] free (_Block=0x5ac440) [0117.629] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x4)) returned 0x0 [0117.629] malloc (_Size=0x18) returned 0x5ac440 [0117.629] malloc (_Size=0x18) returned 0x5ac460 [0117.629] SysStringLen (param_1="HTABLE") returned 0x6 [0117.629] SysStringLen (param_1="TABLE") returned 0x5 [0117.629] SysStringLen (param_1="HTABLE") returned 0x6 [0117.629] SysStringLen (param_1="LIST") returned 0x4 [0117.630] malloc (_Size=0x30) returned 0x5a81c0 [0117.630] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.630] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.630] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.630] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=5, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.630] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="hform.xsl") returned 0x0 [0117.630] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.630] malloc (_Size=0x18) returned 0x5ac480 [0117.631] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.631] free (_Block=0x5ac480) [0117.631] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x4)) returned 0x0 [0117.631] malloc (_Size=0x18) returned 0x5ac480 [0117.631] malloc (_Size=0x18) returned 0x5ac4a0 [0117.631] SysStringLen (param_1="HFORM") returned 0x5 [0117.631] SysStringLen (param_1="TABLE") returned 0x5 [0117.631] SysStringLen (param_1="HFORM") returned 0x5 [0117.631] SysStringLen (param_1="LIST") returned 0x4 [0117.631] SysStringLen (param_1="HFORM") returned 0x5 [0117.632] SysStringLen (param_1="HTABLE") returned 0x6 [0117.632] malloc (_Size=0x30) returned 0x5a8200 [0117.632] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.632] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.632] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.632] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=6, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.632] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="xml.xsl") returned 0x0 [0117.632] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.632] malloc (_Size=0x18) returned 0x5ac4c0 [0117.632] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.633] free (_Block=0x5ac4c0) [0117.633] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x4)) returned 0x0 [0117.633] malloc (_Size=0x18) returned 0x5ac4c0 [0117.633] malloc (_Size=0x18) returned 0x5ac4e0 [0117.633] SysStringLen (param_1="XML") returned 0x3 [0117.633] SysStringLen (param_1="TABLE") returned 0x5 [0117.633] SysStringLen (param_1="XML") returned 0x3 [0117.633] SysStringLen (param_1="VALUE") returned 0x5 [0117.633] SysStringLen (param_1="VALUE") returned 0x5 [0117.634] SysStringLen (param_1="XML") returned 0x3 [0117.634] malloc (_Size=0x30) returned 0x5a8240 [0117.634] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.634] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.634] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.634] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=7, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.634] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="mof.xsl") returned 0x0 [0117.634] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.634] malloc (_Size=0x18) returned 0x5ac500 [0117.635] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.635] free (_Block=0x5ac500) [0117.635] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x4)) returned 0x0 [0117.635] malloc (_Size=0x18) returned 0x5ac500 [0117.635] malloc (_Size=0x18) returned 0x5ac520 [0117.635] SysStringLen (param_1="MOF") returned 0x3 [0117.635] SysStringLen (param_1="TABLE") returned 0x5 [0117.636] SysStringLen (param_1="MOF") returned 0x3 [0117.636] SysStringLen (param_1="LIST") returned 0x4 [0117.636] SysStringLen (param_1="MOF") returned 0x3 [0117.636] SysStringLen (param_1="RAWXML") returned 0x6 [0117.636] SysStringLen (param_1="LIST") returned 0x4 [0117.636] SysStringLen (param_1="MOF") returned 0x3 [0117.636] malloc (_Size=0x30) returned 0x5a8280 [0117.636] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.636] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.636] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.637] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=8, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.637] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="csv.xsl") returned 0x0 [0117.637] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.637] malloc (_Size=0x18) returned 0x5ac540 [0117.637] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.637] free (_Block=0x5ac540) [0117.637] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x4)) returned 0x0 [0117.638] malloc (_Size=0x18) returned 0x5ac540 [0117.638] malloc (_Size=0x18) returned 0x5ac560 [0117.638] SysStringLen (param_1="CSV") returned 0x3 [0117.638] SysStringLen (param_1="TABLE") returned 0x5 [0117.638] SysStringLen (param_1="CSV") returned 0x3 [0117.638] SysStringLen (param_1="LIST") returned 0x4 [0117.638] SysStringLen (param_1="CSV") returned 0x3 [0117.638] SysStringLen (param_1="HTABLE") returned 0x6 [0117.638] SysStringLen (param_1="CSV") returned 0x3 [0117.639] SysStringLen (param_1="HFORM") returned 0x5 [0117.639] malloc (_Size=0x30) returned 0x5a82c0 [0117.639] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.639] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.639] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.639] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=9, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.639] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.639] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.640] malloc (_Size=0x18) returned 0x5ac580 [0117.640] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.640] free (_Block=0x5ac580) [0117.640] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x4)) returned 0x0 [0117.640] malloc (_Size=0x18) returned 0x5ac580 [0117.640] malloc (_Size=0x18) returned 0x5ac5a0 [0117.641] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.641] SysStringLen (param_1="TABLE") returned 0x5 [0117.641] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.641] SysStringLen (param_1="VALUE") returned 0x5 [0117.641] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.641] SysStringLen (param_1="XML") returned 0x3 [0117.641] SysStringLen (param_1="XML") returned 0x3 [0117.641] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.641] malloc (_Size=0x30) returned 0x5a8300 [0117.641] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.642] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.642] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.642] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=10, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.642] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.642] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.642] malloc (_Size=0x18) returned 0x5ac5c0 [0117.652] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.652] free (_Block=0x5ac5c0) [0117.652] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x4)) returned 0x0 [0117.652] malloc (_Size=0x18) returned 0x5ac5c0 [0117.653] malloc (_Size=0x18) returned 0x5ac5e0 [0117.653] SysStringLen (param_1="texttablewsys") returned 0xd [0117.653] SysStringLen (param_1="TABLE") returned 0x5 [0117.653] SysStringLen (param_1="texttablewsys") returned 0xd [0117.653] SysStringLen (param_1="XML") returned 0x3 [0117.653] SysStringLen (param_1="texttablewsys") returned 0xd [0117.653] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.653] SysStringLen (param_1="XML") returned 0x3 [0117.653] SysStringLen (param_1="texttablewsys") returned 0xd [0117.653] malloc (_Size=0x30) returned 0x5a8340 [0117.654] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.654] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.654] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.654] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=11, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.654] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.654] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.654] malloc (_Size=0x18) returned 0x5ac600 [0117.654] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.655] free (_Block=0x5ac600) [0117.655] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x4)) returned 0x0 [0117.655] malloc (_Size=0x18) returned 0x5ac600 [0117.655] malloc (_Size=0x18) returned 0x5ac620 [0117.655] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.655] SysStringLen (param_1="TABLE") returned 0x5 [0117.655] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.655] SysStringLen (param_1="XML") returned 0x3 [0117.655] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.656] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.656] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.656] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.656] malloc (_Size=0x30) returned 0x5a8380 [0117.656] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.656] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.656] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.656] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=12, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.656] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.656] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.657] malloc (_Size=0x18) returned 0x5ac640 [0117.657] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.657] free (_Block=0x5ac640) [0117.657] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x4)) returned 0x0 [0117.657] malloc (_Size=0x18) returned 0x5ac640 [0117.657] malloc (_Size=0x18) returned 0x5ac660 [0117.658] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.658] SysStringLen (param_1="TABLE") returned 0x5 [0117.658] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.658] SysStringLen (param_1="XML") returned 0x3 [0117.658] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.658] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.659] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.659] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.659] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.659] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.659] malloc (_Size=0x30) returned 0x5a83c0 [0117.659] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.659] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.659] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.659] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=13, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.659] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.659] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.660] malloc (_Size=0x18) returned 0x5ac680 [0117.660] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.660] free (_Block=0x5ac680) [0117.660] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x4)) returned 0x0 [0117.660] malloc (_Size=0x18) returned 0x5ac680 [0117.660] malloc (_Size=0x18) returned 0x5ac6a0 [0117.661] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.661] SysStringLen (param_1="TABLE") returned 0x5 [0117.661] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.661] SysStringLen (param_1="XML") returned 0x3 [0117.661] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.661] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.661] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.661] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.661] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.661] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.661] malloc (_Size=0x30) returned 0x5a8400 [0117.661] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.662] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.662] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.662] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=14, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.662] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="texttable.xsl") returned 0x0 [0117.662] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.662] malloc (_Size=0x18) returned 0x5ac6c0 [0117.662] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.662] free (_Block=0x5ac6c0) [0117.663] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x4)) returned 0x0 [0117.663] malloc (_Size=0x18) returned 0x5ac6c0 [0117.663] malloc (_Size=0x18) returned 0x5ac6e0 [0117.663] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.663] SysStringLen (param_1="TABLE") returned 0x5 [0117.663] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.663] SysStringLen (param_1="XML") returned 0x3 [0117.663] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.663] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.663] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.664] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.664] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.664] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.664] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.664] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0117.664] malloc (_Size=0x30) returned 0x5a8440 [0117.664] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.664] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.664] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.664] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=15, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.664] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="htable.xsl") returned 0x0 [0117.665] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.665] malloc (_Size=0x18) returned 0x5ac700 [0117.665] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.665] free (_Block=0x5ac700) [0117.665] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x4)) returned 0x0 [0117.665] malloc (_Size=0x18) returned 0x5ac700 [0117.665] malloc (_Size=0x18) returned 0x5ac720 [0117.666] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.666] SysStringLen (param_1="TABLE") returned 0x5 [0117.666] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.666] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.666] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.666] SysStringLen (param_1="XML") returned 0x3 [0117.666] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.666] SysStringLen (param_1="texttablewsys") returned 0xd [0117.666] SysStringLen (param_1="XML") returned 0x3 [0117.666] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.666] malloc (_Size=0x30) returned 0x5a8480 [0117.667] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.667] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.667] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.667] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=16, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.667] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="htable.xsl") returned 0x0 [0117.667] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.667] malloc (_Size=0x18) returned 0x5ac740 [0117.667] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.668] free (_Block=0x5ac740) [0117.668] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x4)) returned 0x0 [0117.668] malloc (_Size=0x18) returned 0x5ac740 [0117.668] malloc (_Size=0x18) returned 0x5ac760 [0117.668] SysStringLen (param_1="htable-sortby") returned 0xd [0117.668] SysStringLen (param_1="TABLE") returned 0x5 [0117.668] SysStringLen (param_1="htable-sortby") returned 0xd [0117.668] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.668] SysStringLen (param_1="htable-sortby") returned 0xd [0117.668] SysStringLen (param_1="XML") returned 0x3 [0117.669] SysStringLen (param_1="htable-sortby") returned 0xd [0117.669] SysStringLen (param_1="texttablewsys") returned 0xd [0117.669] SysStringLen (param_1="htable-sortby") returned 0xd [0117.669] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0117.669] SysStringLen (param_1="XML") returned 0x3 [0117.669] SysStringLen (param_1="htable-sortby") returned 0xd [0117.669] malloc (_Size=0x30) returned 0x5a84c0 [0117.669] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.669] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.669] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.670] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=17, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.670] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="mof.xsl") returned 0x0 [0117.670] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.670] malloc (_Size=0x18) returned 0x5ac780 [0117.670] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.670] free (_Block=0x5ac780) [0117.670] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x4)) returned 0x0 [0117.670] malloc (_Size=0x18) returned 0x5ac780 [0117.671] malloc (_Size=0x18) returned 0x5ac7a0 [0117.671] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.671] SysStringLen (param_1="TABLE") returned 0x5 [0117.671] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.671] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.671] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.671] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.671] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.671] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.671] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.672] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.672] malloc (_Size=0x30) returned 0x5a8500 [0117.672] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.672] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.672] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.672] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=18, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.672] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="mof.xsl") returned 0x0 [0117.672] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.672] malloc (_Size=0x18) returned 0x5ac7c0 [0117.673] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.673] free (_Block=0x5ac7c0) [0117.673] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x4)) returned 0x0 [0117.673] malloc (_Size=0x18) returned 0x5ac7c0 [0117.674] malloc (_Size=0x18) returned 0x5ac7e0 [0117.674] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.674] SysStringLen (param_1="TABLE") returned 0x5 [0117.674] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.674] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.674] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.674] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.674] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.674] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0117.674] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.674] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0117.675] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.675] SysStringLen (param_1="wmiclimofformat") returned 0xf [0117.675] malloc (_Size=0x30) returned 0x5a8540 [0117.675] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.675] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.675] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.675] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=19, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.675] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="textvaluelist.xsl") returned 0x0 [0117.675] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.675] malloc (_Size=0x18) returned 0x5ac800 [0117.676] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.676] free (_Block=0x5ac800) [0117.676] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x4)) returned 0x0 [0117.676] malloc (_Size=0x18) returned 0x5ac800 [0117.676] malloc (_Size=0x18) returned 0x5ac820 [0117.676] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.677] SysStringLen (param_1="TABLE") returned 0x5 [0117.677] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.677] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.677] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.677] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.677] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.677] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.677] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.677] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.677] malloc (_Size=0x30) returned 0x5a8580 [0117.677] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.677] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.678] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.678] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=20, listItem=0x1af4b0 | out: listItem=0x1af4b0*=0x1f6bd50) returned 0x0 [0117.678] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af4c0 | out: text=0x1af4c0*="textvaluelist.xsl") returned 0x0 [0117.678] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af4b8 | out: attributeMap=0x1af4b8*=0x1f678d0) returned 0x0 [0117.678] malloc (_Size=0x18) returned 0x5ac840 [0117.678] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af4c8 | out: namedItem=0x1af4c8*=0x1f6a280) returned 0x0 [0117.678] free (_Block=0x5ac840) [0117.678] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af500 | out: value=0x1af500*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x4)) returned 0x0 [0117.679] malloc (_Size=0x18) returned 0x5ac840 [0117.679] malloc (_Size=0x18) returned 0x5ac860 [0117.679] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.679] SysStringLen (param_1="TABLE") returned 0x5 [0117.679] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.679] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0117.679] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.679] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0117.679] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.679] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.679] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.679] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0117.680] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0117.680] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0117.680] malloc (_Size=0x30) returned 0x5a85c0 [0117.680] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0117.680] IUnknown:Release (This=0x1f678d0) returned 0x0 [0117.680] IUnknown:Release (This=0x1f6a280) returned 0x0 [0117.680] IUnknown:Release (This=0x1f69cc0) returned 0x0 [0117.680] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f6bc50) returned 0x1 [0117.680] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f671d0) returned 0x0 [0117.681] free (_Block=0x5a6bf0) [0117.681] GetCommandLineW () returned="wmic cpu get name" [0117.681] malloc (_Size=0x30) returned 0x5a8600 [0117.682] memcpy_s (in: _Destination=0x5a8600, _DestinationSize=0x2e, _Source=0x2f26d6, _SourceSize=0x22 | out: _Destination=0x5a8600) returned 0x0 [0117.682] malloc (_Size=0x18) returned 0x5ac880 [0117.682] malloc (_Size=0x18) returned 0x5ac8a0 [0117.682] malloc (_Size=0x18) returned 0x5ac8c0 [0117.682] malloc (_Size=0x18) returned 0x5ac8e0 [0117.682] malloc (_Size=0x80) returned 0x5a6bf0 [0117.683] GetLocalTime (in: lpSystemTime=0x1af670 | out: lpSystemTime=0x1af670*(wYear=0x7e8, wMonth=0x2, wDayOfWeek=0x0, wDay=0xb, wHour=0x16, wMinute=0x10, wSecond=0x1f, wMilliseconds=0x10)) [0117.683] _vsnwprintf (in: _Buffer=0x5a6bf0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x1af5c8 | out: _Buffer="02-11-2024T22:16:31") returned 19 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] malloc (_Size=0x1c) returned 0x5a6cf0 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] malloc (_Size=0x1c) returned 0x5a6d20 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] lstrlenW (lpString=" cpu get name") returned 13 [0117.683] malloc (_Size=0x8) returned 0x5a6c80 [0117.683] lstrlenW (lpString="cpu") returned 3 [0117.684] _wcsicmp (_String1="cpu", _String2="\"NULL\"") returned 65 [0117.684] malloc (_Size=0x8) returned 0x5a6d50 [0117.684] malloc (_Size=0x8) returned 0x5a6d70 [0117.684] free (_Block=0x0) [0117.684] free (_Block=0x5a6c80) [0117.684] lstrlenW (lpString=" cpu get name") returned 13 [0117.684] malloc (_Size=0x8) returned 0x5a6c80 [0117.684] lstrlenW (lpString="get") returned 3 [0117.684] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69 [0117.685] malloc (_Size=0x8) returned 0x5a6d90 [0117.685] malloc (_Size=0x10) returned 0x5ac900 [0117.685] memmove_s (in: _Destination=0x5ac900, _DestinationSize=0x8, _Source=0x5a6d70, _SourceSize=0x8 | out: _Destination=0x5ac900) returned 0x0 [0117.685] free (_Block=0x5a6d70) [0117.685] free (_Block=0x0) [0117.685] free (_Block=0x5a6c80) [0117.685] lstrlenW (lpString=" cpu get name") returned 13 [0117.685] malloc (_Size=0xa) returned 0x5ac920 [0117.685] lstrlenW (lpString="name") returned 4 [0117.685] _wcsicmp (_String1="name", _String2="\"NULL\"") returned 76 [0117.685] malloc (_Size=0xa) returned 0x5ac940 [0117.685] malloc (_Size=0x18) returned 0x5ac960 [0117.685] memmove_s (in: _Destination=0x5ac960, _DestinationSize=0x10, _Source=0x5ac900, _SourceSize=0x10 | out: _Destination=0x5ac960) returned 0x0 [0117.685] free (_Block=0x5ac900) [0117.686] free (_Block=0x0) [0117.686] free (_Block=0x5ac920) [0117.686] malloc (_Size=0x18) returned 0x5ac920 [0117.686] lstrlenW (lpString="QUIT") returned 4 [0117.686] lstrlenW (lpString="cpu") returned 3 [0117.686] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="QUIT", cchCount2=4) returned 1 [0117.686] lstrlenW (lpString="EXIT") returned 4 [0117.686] lstrlenW (lpString="cpu") returned 3 [0117.687] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="EXIT", cchCount2=4) returned 1 [0117.687] free (_Block=0x5ac920) [0117.687] WbemLocator:IUnknown:AddRef (This=0x31cba0) returned 0x2 [0117.687] malloc (_Size=0x18) returned 0x5ac920 [0117.687] lstrlenW (lpString="/") returned 1 [0117.687] lstrlenW (lpString="cpu") returned 3 [0117.687] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="/", cchCount2=1) returned 3 [0117.687] lstrlenW (lpString="-") returned 1 [0117.687] lstrlenW (lpString="cpu") returned 3 [0117.687] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="-", cchCount2=1) returned 3 [0117.688] lstrlenW (lpString="CLASS") returned 5 [0117.688] lstrlenW (lpString="cpu") returned 3 [0117.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="CLASS", cchCount2=5) returned 3 [0117.688] lstrlenW (lpString="PATH") returned 4 [0117.688] lstrlenW (lpString="cpu") returned 3 [0117.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1 [0117.688] lstrlenW (lpString="CONTEXT") returned 7 [0117.688] lstrlenW (lpString="cpu") returned 3 [0117.688] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="cpu", cchCount1=3, lpString2="CONTEXT", cchCount2=7) returned 3 [0117.689] lstrlenW (lpString="cpu") returned 3 [0117.689] malloc (_Size=0x8) returned 0x5a6c80 [0117.689] lstrlenW (lpString="cpu") returned 3 [0117.694] GetCurrentThreadId () returned 0xdf0 [0117.694] ??0CHString@@QEAA@XZ () returned 0x1af480 [0117.694] malloc (_Size=0x18) returned 0x5ac900 [0117.694] malloc (_Size=0x18) returned 0x5ac980 [0117.694] WbemLocator:IWbemLocator:ConnectServer (in: This=0x31cba0, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffa62998 | out: ppNamespace=0xffa62998*=0x3864b0) returned 0x0 [0117.965] free (_Block=0x5ac980) [0117.965] free (_Block=0x5ac900) [0117.965] CoSetProxyBlanket (pProxy=0x3864b0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0117.966] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0117.966] GetCurrentThreadId () returned 0xdf0 [0117.966] ??0CHString@@QEAA@XZ () returned 0x1af318 [0117.966] malloc (_Size=0x18) returned 0x5ac900 [0117.967] malloc (_Size=0x18) returned 0x5ac980 [0117.967] malloc (_Size=0x18) returned 0x5ac9a0 [0117.967] malloc (_Size=0x18) returned 0x5ac9c0 [0117.967] SysStringLen (param_1="root\\cli") returned 0x8 [0117.967] SysStringLen (param_1="\\") returned 0x1 [0117.967] memcpy (in: _Dst=0x394d08, _Src=0x394ca8, _Size=0x12 | out: _Dst=0x394d08) returned 0x394d08 [0117.967] memcpy (in: _Dst=0x394d18, _Src=0x394c48, _Size=0x4 | out: _Dst=0x394d18) returned 0x394d18 [0117.967] malloc (_Size=0x18) returned 0x5ac9e0 [0117.967] SysStringLen (param_1="root\\cli\\") returned 0x9 [0117.968] SysStringLen (param_1="ms_409") returned 0x6 [0117.968] memcpy (in: _Dst=0x306708, _Src=0x394d08, _Size=0x14 | out: _Dst=0x306708) returned 0x306708 [0117.968] memcpy (in: _Dst=0x30671a, _Src=0x394c78, _Size=0xe | out: _Dst=0x30671a) returned 0x30671a [0117.968] free (_Block=0x5ac9c0) [0117.968] free (_Block=0x5ac9a0) [0117.968] free (_Block=0x5ac980) [0117.968] free (_Block=0x5ac900) [0117.969] malloc (_Size=0x18) returned 0x5ac900 [0117.969] WbemLocator:IWbemLocator:ConnectServer (in: This=0x31cba0, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffa629a0 | out: ppNamespace=0xffa629a0*=0x3865d0) returned 0x0 [0118.006] free (_Block=0x5ac900) [0118.007] free (_Block=0x5ac9e0) [0118.007] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.007] GetCurrentThreadId () returned 0xdf0 [0118.007] ??0CHString@@QEAA@XZ () returned 0x1af490 [0118.007] malloc (_Size=0x18) returned 0x5ac9e0 [0118.007] malloc (_Size=0x18) returned 0x5ac900 [0118.007] malloc (_Size=0x18) returned 0x5ac980 [0118.008] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0118.008] malloc (_Size=0x3a) returned 0x5acb50 [0118.008] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MSFT_CliAlias.FriendlyName='", cbMultiByte=-1, lpWideCharStr=0x5acb50, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0118.008] free (_Block=0x5acb50) [0118.008] malloc (_Size=0x18) returned 0x5ac9a0 [0118.009] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0118.009] SysStringLen (param_1="cpu") returned 0x3 [0118.009] memcpy (in: _Dst=0x356e38, _Src=0x324208, _Size=0x3a | out: _Dst=0x356e38) returned 0x356e38 [0118.009] memcpy (in: _Dst=0x356e70, _Src=0x394ca8, _Size=0x8 | out: _Dst=0x356e70) returned 0x356e70 [0118.009] malloc (_Size=0x18) returned 0x5ac9c0 [0118.009] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='cpu") returned 0x1f [0118.009] SysStringLen (param_1="'") returned 0x1 [0118.009] memcpy (in: _Dst=0x356dc8, _Src=0x356e38, _Size=0x40 | out: _Dst=0x356dc8) returned 0x356dc8 [0118.009] memcpy (in: _Dst=0x356e06, _Src=0x394d08, _Size=0x4 | out: _Dst=0x356e06) returned 0x356e06 [0118.009] free (_Block=0x5ac9a0) [0118.010] free (_Block=0x5ac980) [0118.010] free (_Block=0x5ac900) [0118.010] free (_Block=0x5ac9e0) [0118.010] IWbemServices:GetObject (in: This=0x3864b0, strObjectPath="MSFT_CliAlias.FriendlyName='cpu'", lFlags=0, pCtx=0x0, ppObject=0x1af498*=0x0, ppCallResult=0x0 | out: ppObject=0x1af498*=0x378260, ppCallResult=0x0) returned 0x0 [0118.048] malloc (_Size=0x18) returned 0x5ac9e0 [0118.048] IWbemClassObject:Get (in: This=0x378260, wszName="Target", lFlags=0, pVal=0x1af3c0*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0xffa62998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af3c0*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from WIN32_PROCESSOR", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.049] free (_Block=0x5ac9e0) [0118.049] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.049] malloc (_Size=0x3c) returned 0x5acb50 [0118.049] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.049] malloc (_Size=0x18) returned 0x5ac9e0 [0118.049] IWbemClassObject:Get (in: This=0x378260, wszName="PWhere", lFlags=0, pVal=0x1af3c0*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x324208, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af3c0*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1="Where DeviceID='#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.050] free (_Block=0x5ac9e0) [0118.050] lstrlenW (lpString="Where DeviceID='#'") returned 18 [0118.050] malloc (_Size=0x26) returned 0x5a6db0 [0118.050] lstrlenW (lpString="Where DeviceID='#'") returned 18 [0118.050] malloc (_Size=0x18) returned 0x5ac9e0 [0118.050] IWbemClassObject:Get (in: This=0x378260, wszName="Connection", lFlags=0, pVal=0x1af3c0*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x36c378, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af3c0*(varType=0xd, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x378740, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.051] free (_Block=0x5ac9e0) [0118.051] IUnknown:QueryInterface (in: This=0x378740, riid=0xff9f7360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1af3b0 | out: ppvObject=0x1af3b0*=0x378740) returned 0x0 [0118.051] GetCurrentThreadId () returned 0xdf0 [0118.051] ??0CHString@@QEAA@XZ () returned 0x1af2d8 [0118.051] malloc (_Size=0x18) returned 0x5ac9e0 [0118.051] IWbemClassObject:Get (in: This=0x378740, wszName="Namespace", lFlags=0, pVal=0x1af300*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0xffa0738f, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.051] free (_Block=0x5ac9e0) [0118.051] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0118.052] malloc (_Size=0x16) returned 0x5ac9e0 [0118.052] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0118.052] malloc (_Size=0x18) returned 0x5ac900 [0118.052] IWbemClassObject:Get (in: This=0x378740, wszName="Locale", lFlags=0, pVal=0x1af300*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.052] free (_Block=0x5ac900) [0118.052] lstrlenW (lpString="ms_409") returned 6 [0118.052] malloc (_Size=0xe) returned 0x5ac900 [0118.053] lstrlenW (lpString="ms_409") returned 6 [0118.053] malloc (_Size=0x18) returned 0x5ac980 [0118.053] IWbemClassObject:Get (in: This=0x378740, wszName="User", lFlags=0, pVal=0x1af300*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x1, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.053] free (_Block=0x5ac980) [0118.053] malloc (_Size=0x18) returned 0x5ac980 [0118.053] IWbemClassObject:Get (in: This=0x378740, wszName="Password", lFlags=0, pVal=0x1af300*(varType=0x1, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x1, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.053] free (_Block=0x5ac980) [0118.053] malloc (_Size=0x18) returned 0x5ac980 [0118.054] IWbemClassObject:Get (in: This=0x378740, wszName="Server", lFlags=0, pVal=0x1af300*(varType=0x1, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.054] free (_Block=0x5ac980) [0118.054] lstrlenW (lpString=".") returned 1 [0118.054] malloc (_Size=0x4) returned 0x5a6d70 [0118.054] lstrlenW (lpString=".") returned 1 [0118.054] malloc (_Size=0x18) returned 0x5ac980 [0118.054] IWbemClassObject:Get (in: This=0x378740, wszName="Authority", lFlags=0, pVal=0x1af300*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x1, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0x5ac9e0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.054] free (_Block=0x5ac980) [0118.054] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.055] IUnknown:Release (This=0x378740) returned 0x1 [0118.055] GetCurrentThreadId () returned 0xdf0 [0118.055] ??0CHString@@QEAA@XZ () returned 0x1af2d8 [0118.055] malloc (_Size=0x18) returned 0x5ac980 [0118.055] IWbemClassObject:Get (in: This=0x378260, wszName="__RELPATH", lFlags=0, pVal=0x1af300*(varType=0x0, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1=0x394c48, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x1af300*(varType=0x8, wReserved1=0xffa6, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"CPU\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0118.056] free (_Block=0x5ac980) [0118.056] malloc (_Size=0x18) returned 0x5ac980 [0118.056] GetCurrentThreadId () returned 0xdf0 [0118.056] ??0CHString@@QEAA@XZ () returned 0x1af158 [0118.056] ??0CHString@@QEAA@PEBG@Z () returned 0x1af170 [0118.057] ??0CHString@@QEAA@AEBV0@@Z () returned 0x1af100 [0118.057] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0118.057] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x5acba0 [0118.057] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0118.057] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1af0c0 [0118.057] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1af108 [0118.057] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af170 [0118.058] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.058] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.058] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1af0c8 [0118.058] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af100 [0118.058] ??1CHString@@QEAA@XZ () returned 0x1 [0118.058] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x5ac9a0 [0118.058] ?Find@CHString@@QEBAHPEBG@Z () returned 0x3 [0118.058] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1af0c0 [0118.058] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1af108 [0118.058] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af170 [0118.058] ??1CHString@@QEAA@XZ () returned 0x6e0096006e0001 [0118.058] ??1CHString@@QEAA@XZ () returned 0x6e0097006c0001 [0118.059] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1af0c8 [0118.059] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af100 [0118.059] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.059] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef4dfc960 [0118.059] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.059] malloc (_Size=0x18) returned 0x5ac9a0 [0118.059] malloc (_Size=0x18) returned 0x5aca00 [0118.059] malloc (_Size=0x18) returned 0x5aca20 [0118.059] malloc (_Size=0x18) returned 0x5aca40 [0118.060] malloc (_Size=0x18) returned 0x5aca60 [0118.060] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0118.060] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0118.060] memcpy (in: _Dst=0x38f698, _Src=0x390678, _Size=0x7a | out: _Dst=0x38f698) returned 0x38f698 [0118.060] memcpy (in: _Dst=0x38f710, _Src=0x306708, _Size=0x30 | out: _Dst=0x38f710) returned 0x38f710 [0118.060] malloc (_Size=0x18) returned 0x5aca80 [0118.060] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0118.060] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"CPU\\\"") returned 0x22 [0118.060] memcpy (in: _Dst=0x378518, _Src=0x38f698, _Size=0xa8 | out: _Dst=0x378518) returned 0x378518 [0118.060] memcpy (in: _Dst=0x3785be, _Src=0x324888, _Size=0x46 | out: _Dst=0x3785be) returned 0x3785be [0118.060] malloc (_Size=0x18) returned 0x5acaa0 [0118.061] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"CPU\\\"") returned 0x75 [0118.061] SysStringLen (param_1="\"") returned 0x1 [0118.061] memcpy (in: _Dst=0x378628, _Src=0x378518, _Size=0xec | out: _Dst=0x378628) returned 0x378628 [0118.061] memcpy (in: _Dst=0x378712, _Src=0x394c48, _Size=0x4 | out: _Dst=0x378712) returned 0x378712 [0118.061] free (_Block=0x5aca80) [0118.061] free (_Block=0x5aca60) [0118.061] free (_Block=0x5aca40) [0118.062] free (_Block=0x5aca20) [0118.062] free (_Block=0x5aca00) [0118.062] free (_Block=0x5ac9a0) [0118.062] IWbemServices:GetObject (in: This=0x3865d0, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"CPU\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x1af148*=0x0, ppCallResult=0x0 | out: ppObject=0x1af148*=0x3789e0, ppCallResult=0x0) returned 0x0 [0118.077] malloc (_Size=0x18) returned 0x5ac9a0 [0118.078] IWbemClassObject:Get (in: This=0x3789e0, wszName="Text", lFlags=0, pVal=0x1af180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffa62ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x1af180*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3991f0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x31e120, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0118.078] free (_Block=0x5ac9a0) [0118.078] SafeArrayGetLBound (in: psa=0x3991f0, nDim=0x1, plLbound=0x1af160 | out: plLbound=0x1af160) returned 0x0 [0118.079] SafeArrayGetUBound (in: psa=0x3991f0, nDim=0x1, plUbound=0x1af150 | out: plUbound=0x1af150) returned 0x0 [0118.079] SafeArrayGetElement (in: psa=0x3991f0, rgIndices=0x1af144, pv=0x1af198 | out: pv=0x1af198) returned 0x0 [0118.079] malloc (_Size=0x18) returned 0x5ac9a0 [0118.079] malloc (_Size=0x18) returned 0x5aca00 [0118.080] SysStringLen (param_1="CPU management.") returned 0xf [0118.080] memcpy (in: _Dst=0x399368, _Src=0x399328, _Size=0x20 | out: _Dst=0x399368) returned 0x399368 [0118.080] free (_Block=0x5ac9a0) [0118.080] IUnknown:Release (This=0x3789e0) returned 0x0 [0118.080] free (_Block=0x5acaa0) [0118.080] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.080] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.080] free (_Block=0x5ac980) [0118.081] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.081] lstrlenW (lpString="CPU management.") returned 15 [0118.081] malloc (_Size=0x20) returned 0x5acba0 [0118.081] lstrlenW (lpString="CPU management.") returned 15 [0118.081] free (_Block=0x5aca00) [0118.081] IUnknown:Release (This=0x378260) returned 0x0 [0118.081] free (_Block=0x5ac9c0) [0118.081] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.082] lstrlenW (lpString="PATH") returned 4 [0118.082] lstrlenW (lpString="get") returned 3 [0118.082] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1 [0118.082] lstrlenW (lpString="WHERE") returned 5 [0118.082] lstrlenW (lpString="get") returned 3 [0118.082] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1 [0118.082] lstrlenW (lpString="(") returned 1 [0118.082] lstrlenW (lpString="get") returned 3 [0118.082] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="(", cchCount2=1) returned 3 [0118.082] lstrlenW (lpString="/") returned 1 [0118.082] lstrlenW (lpString="get") returned 3 [0118.082] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3 [0118.082] lstrlenW (lpString="-") returned 1 [0118.083] lstrlenW (lpString="get") returned 3 [0118.083] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3 [0118.083] malloc (_Size=0x18) returned 0x5ac9c0 [0118.083] lstrlenW (lpString="GET") returned 3 [0118.083] lstrlenW (lpString="get") returned 3 [0118.083] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0118.084] free (_Block=0x5ac9c0) [0118.084] lstrlenW (lpString="/") returned 1 [0118.084] lstrlenW (lpString="get") returned 3 [0118.084] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3 [0118.084] lstrlenW (lpString="-") returned 1 [0118.084] lstrlenW (lpString="get") returned 3 [0118.084] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3 [0118.084] lstrlenW (lpString="get") returned 3 [0118.084] malloc (_Size=0x8) returned 0x5acbd0 [0118.084] lstrlenW (lpString="get") returned 3 [0118.085] lstrlenW (lpString="GET") returned 3 [0118.085] lstrlenW (lpString="get") returned 3 [0118.085] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0118.085] lstrlenW (lpString="/") returned 1 [0118.085] lstrlenW (lpString="name") returned 4 [0118.085] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="/", cchCount2=1) returned 3 [0118.085] lstrlenW (lpString="-") returned 1 [0118.085] lstrlenW (lpString="name") returned 4 [0118.085] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="-", cchCount2=1) returned 3 [0118.086] lstrlenW (lpString="name") returned 4 [0118.086] malloc (_Size=0xa) returned 0x5ac9c0 [0118.086] lstrlenW (lpString="name") returned 4 [0118.086] malloc (_Size=0x8) returned 0x5acbf0 [0118.086] GetCurrentThreadId () returned 0xdf0 [0118.086] ??0CHString@@QEAA@XZ () returned 0x1af088 [0118.087] malloc (_Size=0x8) returned 0x5acc10 [0118.087] memmove_s (in: _Destination=0x5acc10, _DestinationSize=0x8, _Source=0x5acbf0, _SourceSize=0x8 | out: _Destination=0x5acc10) returned 0x0 [0118.087] malloc (_Size=0x18) returned 0x5aca00 [0118.087] malloc (_Size=0x18) returned 0x5ac980 [0118.087] malloc (_Size=0x18) returned 0x5acaa0 [0118.087] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0118.087] malloc (_Size=0x3a) returned 0x5acc30 [0118.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MSFT_CliAlias.FriendlyName='", cbMultiByte=-1, lpWideCharStr=0x5acc30, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0118.088] free (_Block=0x5acc30) [0118.089] malloc (_Size=0x18) returned 0x5ac9a0 [0118.089] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0118.089] SysStringLen (param_1="cpu") returned 0x3 [0118.089] memcpy (in: _Dst=0x38f698, _Src=0x378518, _Size=0x3a | out: _Dst=0x38f698) returned 0x38f698 [0118.089] memcpy (in: _Dst=0x38f6d0, _Src=0x394ca8, _Size=0x8 | out: _Dst=0x38f6d0) returned 0x38f6d0 [0118.089] malloc (_Size=0x18) returned 0x5aca20 [0118.089] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='cpu") returned 0x1f [0118.089] SysStringLen (param_1="'") returned 0x1 [0118.089] memcpy (in: _Dst=0x390678, _Src=0x38f698, _Size=0x40 | out: _Dst=0x390678) returned 0x390678 [0118.089] memcpy (in: _Dst=0x3906b6, _Src=0x394c48, _Size=0x4 | out: _Dst=0x3906b6) returned 0x3906b6 [0118.090] free (_Block=0x5ac9a0) [0118.090] free (_Block=0x5acaa0) [0118.090] free (_Block=0x5ac980) [0118.090] free (_Block=0x5aca00) [0118.090] IWbemServices:GetObject (in: This=0x3864b0, strObjectPath="MSFT_CliAlias.FriendlyName='cpu'", lFlags=0, pCtx=0x0, ppObject=0x1af0c8*=0x0, ppCallResult=0x0 | out: ppObject=0x1af0c8*=0x378260, ppCallResult=0x0) returned 0x0 [0118.103] malloc (_Size=0x18) returned 0x5aca00 [0118.104] IWbemClassObject:Get (in: This=0x378260, wszName="Formats", lFlags=0, pVal=0x1af148*(varType=0x0, wReserved1=0x778d, wReserved2=0x0, wReserved3=0x0, varVal1=0xffa62b80, varVal2=0xffa3c79c), pType=0x0, plFlavor=0x0 | out: pVal=0x1af148*(varType=0x200d, wReserved1=0x778d, wReserved2=0x0, wReserved3=0x0, varVal1=0x3991f0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x39d170, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0xffa3c79c), pType=0x0, plFlavor=0x0) returned 0x0 [0118.106] free (_Block=0x5aca00) [0118.107] lstrlenW (lpString="SET") returned 3 [0118.107] lstrlenW (lpString="get") returned 3 [0118.107] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1 [0118.107] SafeArrayGetLBound (in: psa=0x3991f0, nDim=0x1, plLbound=0x1af0e0 | out: plLbound=0x1af0e0) returned 0x0 [0118.107] SafeArrayGetUBound (in: psa=0x3991f0, nDim=0x1, plUbound=0x1af0dc | out: plUbound=0x1af0dc) returned 0x0 [0118.107] SafeArrayGetElement (in: psa=0x3991f0, rgIndices=0x1af0d0, pv=0x1af0b8 | out: pv=0x1af0b8) returned 0x0 [0118.107] malloc (_Size=0x18) returned 0x5aca00 [0118.107] IWbemClassObject:Get (in: This=0x378730, wszName="Name", lFlags=0, pVal=0x1af128*(varType=0x0, wReserved1=0xff7d, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x3, varVal2=0x8), pType=0x0, plFlavor=0x0 | out: pVal=0x1af128*(varType=0x8, wReserved1=0xff7d, wReserved2=0x7fe, wReserved3=0x0, varVal1="FULL", varVal2=0x8), pType=0x0, plFlavor=0x0) returned 0x0 [0118.107] free (_Block=0x5aca00) [0118.107] malloc (_Size=0x18) returned 0x5aca00 [0118.108] lstrlenW (lpString="FULL") returned 4 [0118.108] lstrlenW (lpString="FULL") returned 4 [0118.108] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FULL", cchCount1=4, lpString2="FULL", cchCount2=4) returned 2 [0118.108] free (_Block=0x5aca00) [0118.108] malloc (_Size=0x18) returned 0x5aca00 [0118.108] IWbemClassObject:Get (in: This=0x378730, wszName="Properties", lFlags=0, pVal=0x1af160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffa62ac0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af160*(varType=0x200d, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3993b0*(cDims=0x1, fFeatures=0x240, cbElements=0x8, cLocks=0x0, pvData=0x378f40, rgsabound=((cElements=0x2c, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.115] free (_Block=0x5aca00) [0118.115] SafeArrayGetLBound (in: psa=0x3993b0, nDim=0x1, plLbound=0x1af0f0 | out: plLbound=0x1af0f0) returned 0x0 [0118.115] SafeArrayGetUBound (in: psa=0x3993b0, nDim=0x1, plUbound=0x1af0f8 | out: plUbound=0x1af0f8) returned 0x0 [0118.115] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.115] malloc (_Size=0x18) returned 0x5aca00 [0118.116] IWbemClassObject:Get (in: This=0x3ba2e0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x0, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="AddressWidth", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.116] free (_Block=0x5aca00) [0118.116] malloc (_Size=0x18) returned 0x5aca00 [0118.116] IWbemClassObject:Get (in: This=0x3ba2e0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AddressWidth", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.116] free (_Block=0x5aca00) [0118.116] malloc (_Size=0x18) returned 0x5aca00 [0118.116] lstrlenW (lpString="AddressWidth") returned 12 [0118.116] lstrlenW (lpString="name") returned 4 [0118.117] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="AddressWidth", cchCount2=12) returned 3 [0118.117] free (_Block=0x5aca00) [0118.117] IUnknown:Release (This=0x3ba2e0) returned 0x1 [0118.117] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.117] malloc (_Size=0x18) returned 0x5aca00 [0118.117] IWbemClassObject:Get (in: This=0x3ba750, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="AddressWidth", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Architecture", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.117] free (_Block=0x5aca00) [0118.117] malloc (_Size=0x18) returned 0x5aca00 [0118.117] IWbemClassObject:Get (in: This=0x3ba750, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="AddressWidth", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Architecture", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.118] free (_Block=0x5aca00) [0118.118] malloc (_Size=0x18) returned 0x5aca00 [0118.118] lstrlenW (lpString="Architecture") returned 12 [0118.118] lstrlenW (lpString="name") returned 4 [0118.118] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Architecture", cchCount2=12) returned 3 [0118.118] free (_Block=0x5aca00) [0118.118] IUnknown:Release (This=0x3ba750) returned 0x1 [0118.118] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.118] malloc (_Size=0x18) returned 0x5aca00 [0118.118] IWbemClassObject:Get (in: This=0x3babc0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Architecture", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Availability", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.119] free (_Block=0x5aca00) [0118.119] malloc (_Size=0x18) returned 0x5aca00 [0118.119] IWbemClassObject:Get (in: This=0x3babc0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Architecture", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Availability", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.119] free (_Block=0x5aca00) [0118.119] malloc (_Size=0x18) returned 0x5aca00 [0118.119] lstrlenW (lpString="Availability") returned 12 [0118.119] lstrlenW (lpString="name") returned 4 [0118.119] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Availability", cchCount2=12) returned 3 [0118.120] free (_Block=0x5aca00) [0118.120] IUnknown:Release (This=0x3babc0) returned 0x1 [0118.120] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.120] malloc (_Size=0x18) returned 0x5aca00 [0118.120] IWbemClassObject:Get (in: This=0x3bb030, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Availability", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Caption", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.120] free (_Block=0x5aca00) [0118.120] malloc (_Size=0x18) returned 0x5aca00 [0118.120] IWbemClassObject:Get (in: This=0x3bb030, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Availability", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Caption", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.120] free (_Block=0x5aca00) [0118.121] malloc (_Size=0x18) returned 0x5aca00 [0118.121] lstrlenW (lpString="Caption") returned 7 [0118.121] lstrlenW (lpString="name") returned 4 [0118.121] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Caption", cchCount2=7) returned 3 [0118.121] free (_Block=0x5aca00) [0118.121] IUnknown:Release (This=0x3bb030) returned 0x1 [0118.121] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.121] malloc (_Size=0x18) returned 0x5aca00 [0118.121] IWbemClassObject:Get (in: This=0x3bb4b0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Caption", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerErrorCode", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.122] free (_Block=0x5aca00) [0118.122] malloc (_Size=0x18) returned 0x5aca00 [0118.122] IWbemClassObject:Get (in: This=0x3bb4b0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Caption", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerErrorCode", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.122] free (_Block=0x5aca00) [0118.122] malloc (_Size=0x18) returned 0x5aca00 [0118.122] lstrlenW (lpString="ConfigManagerErrorCode") returned 22 [0118.122] lstrlenW (lpString="name") returned 4 [0118.122] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ConfigManagerErrorCode", cchCount2=22) returned 3 [0118.123] free (_Block=0x5aca00) [0118.123] IUnknown:Release (This=0x3bb4b0) returned 0x1 [0118.123] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.123] malloc (_Size=0x18) returned 0x5aca00 [0118.123] IWbemClassObject:Get (in: This=0x3bb930, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerErrorCode", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerUserConfig", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.123] free (_Block=0x5aca00) [0118.123] malloc (_Size=0x18) returned 0x5aca00 [0118.123] IWbemClassObject:Get (in: This=0x3bb930, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerErrorCode", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerUserConfig", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.124] free (_Block=0x5aca00) [0118.124] malloc (_Size=0x18) returned 0x5aca00 [0118.124] lstrlenW (lpString="ConfigManagerUserConfig") returned 23 [0118.124] lstrlenW (lpString="name") returned 4 [0118.124] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ConfigManagerUserConfig", cchCount2=23) returned 3 [0118.124] free (_Block=0x5aca00) [0118.124] IUnknown:Release (This=0x3bb930) returned 0x1 [0118.124] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.124] malloc (_Size=0x18) returned 0x5aca00 [0118.124] IWbemClassObject:Get (in: This=0x3bbda0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerUserConfig", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CpuStatus", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.125] free (_Block=0x5aca00) [0118.125] malloc (_Size=0x18) returned 0x5aca00 [0118.125] IWbemClassObject:Get (in: This=0x3bbda0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ConfigManagerUserConfig", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CpuStatus", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.125] free (_Block=0x5aca00) [0118.125] malloc (_Size=0x18) returned 0x5aca00 [0118.125] lstrlenW (lpString="CpuStatus") returned 9 [0118.125] lstrlenW (lpString="name") returned 4 [0118.125] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CpuStatus", cchCount2=9) returned 3 [0118.126] free (_Block=0x5aca00) [0118.126] IUnknown:Release (This=0x3bbda0) returned 0x1 [0118.126] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.126] malloc (_Size=0x18) returned 0x5aca00 [0118.126] IWbemClassObject:Get (in: This=0x3bc210, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CpuStatus", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CreationClassName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.126] free (_Block=0x5aca00) [0118.126] malloc (_Size=0x18) returned 0x5aca00 [0118.127] IWbemClassObject:Get (in: This=0x3bc210, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CpuStatus", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CreationClassName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.127] free (_Block=0x5aca00) [0118.127] malloc (_Size=0x18) returned 0x5aca00 [0118.127] lstrlenW (lpString="CreationClassName") returned 17 [0118.127] lstrlenW (lpString="name") returned 4 [0118.127] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CreationClassName", cchCount2=17) returned 3 [0118.127] free (_Block=0x5aca00) [0118.127] IUnknown:Release (This=0x3bc210) returned 0x1 [0118.127] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.127] malloc (_Size=0x18) returned 0x5aca00 [0118.128] IWbemClassObject:Get (in: This=0x3bc680, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CreationClassName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentClockSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.128] free (_Block=0x5aca00) [0118.128] malloc (_Size=0x18) returned 0x5aca00 [0118.128] IWbemClassObject:Get (in: This=0x3bc680, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CreationClassName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentClockSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.128] free (_Block=0x5aca00) [0118.128] malloc (_Size=0x18) returned 0x5aca00 [0118.128] lstrlenW (lpString="CurrentClockSpeed") returned 17 [0118.128] lstrlenW (lpString="name") returned 4 [0118.129] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentClockSpeed", cchCount2=17) returned 3 [0118.129] free (_Block=0x5aca00) [0118.129] IUnknown:Release (This=0x3bc680) returned 0x1 [0118.129] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.129] malloc (_Size=0x18) returned 0x5aca00 [0118.129] IWbemClassObject:Get (in: This=0x3bcaf0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentClockSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentVoltage", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.129] free (_Block=0x5aca00) [0118.129] malloc (_Size=0x18) returned 0x5aca00 [0118.130] IWbemClassObject:Get (in: This=0x3bcaf0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentClockSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentVoltage", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.130] free (_Block=0x5aca00) [0118.130] malloc (_Size=0x18) returned 0x5aca00 [0118.130] lstrlenW (lpString="CurrentVoltage") returned 14 [0118.130] lstrlenW (lpString="name") returned 4 [0118.130] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentVoltage", cchCount2=14) returned 3 [0118.130] free (_Block=0x5aca00) [0118.130] IUnknown:Release (This=0x3bcaf0) returned 0x1 [0118.131] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.131] malloc (_Size=0x18) returned 0x5aca00 [0118.131] IWbemClassObject:Get (in: This=0x3bcf60, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentVoltage", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="DataWidth", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.131] free (_Block=0x5aca00) [0118.131] malloc (_Size=0x18) returned 0x5aca00 [0118.131] IWbemClassObject:Get (in: This=0x3bcf60, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentVoltage", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="DataWidth", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.131] free (_Block=0x5aca00) [0118.131] malloc (_Size=0x18) returned 0x5aca00 [0118.132] lstrlenW (lpString="DataWidth") returned 9 [0118.132] lstrlenW (lpString="name") returned 4 [0118.132] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DataWidth", cchCount2=9) returned 3 [0118.132] free (_Block=0x5aca00) [0118.132] IUnknown:Release (This=0x3bcf60) returned 0x1 [0118.132] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.132] malloc (_Size=0x18) returned 0x5aca00 [0118.132] IWbemClassObject:Get (in: This=0x3bd400, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="DataWidth", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.132] free (_Block=0x5aca00) [0118.132] malloc (_Size=0x18) returned 0x5aca00 [0118.133] IWbemClassObject:Get (in: This=0x3bd400, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="DataWidth", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.133] free (_Block=0x5aca00) [0118.133] malloc (_Size=0x18) returned 0x5aca00 [0118.133] lstrlenW (lpString="Description") returned 11 [0118.133] lstrlenW (lpString="name") returned 4 [0118.133] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Description", cchCount2=11) returned 3 [0118.133] free (_Block=0x5aca00) [0118.133] IUnknown:Release (This=0x3bd400) returned 0x1 [0118.134] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.134] malloc (_Size=0x18) returned 0x5aca00 [0118.134] IWbemClassObject:Get (in: This=0x3bd6b0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="DeviceID", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.134] free (_Block=0x5aca00) [0118.134] malloc (_Size=0x18) returned 0x5aca00 [0118.134] IWbemClassObject:Get (in: This=0x3bd6b0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="DeviceID", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.134] free (_Block=0x5aca00) [0118.134] malloc (_Size=0x18) returned 0x5aca00 [0118.134] lstrlenW (lpString="DeviceID") returned 8 [0118.135] lstrlenW (lpString="name") returned 4 [0118.135] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DeviceID", cchCount2=8) returned 3 [0118.135] free (_Block=0x5aca00) [0118.135] IUnknown:Release (This=0x3bd6b0) returned 0x1 [0118.135] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.135] malloc (_Size=0x18) returned 0x5aca00 [0118.135] IWbemClassObject:Get (in: This=0x3bd960, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="DeviceID", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorCleared", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.136] free (_Block=0x5aca00) [0118.136] malloc (_Size=0x18) returned 0x5aca00 [0118.136] IWbemClassObject:Get (in: This=0x3bd960, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="DeviceID", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorCleared", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.136] free (_Block=0x5aca00) [0118.136] malloc (_Size=0x18) returned 0x5aca00 [0118.136] lstrlenW (lpString="ErrorCleared") returned 12 [0118.137] lstrlenW (lpString="name") returned 4 [0118.137] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ErrorCleared", cchCount2=12) returned 3 [0118.137] free (_Block=0x5aca00) [0118.137] IUnknown:Release (This=0x3bd960) returned 0x1 [0118.137] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.137] malloc (_Size=0x18) returned 0x5aca00 [0118.137] IWbemClassObject:Get (in: This=0x3bdc10, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorCleared", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorDescription", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.137] free (_Block=0x5aca00) [0118.137] malloc (_Size=0x18) returned 0x5aca00 [0118.137] IWbemClassObject:Get (in: This=0x3bdc10, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorCleared", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorDescription", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.138] free (_Block=0x5aca00) [0118.138] malloc (_Size=0x18) returned 0x5aca00 [0118.138] lstrlenW (lpString="ErrorDescription") returned 16 [0118.138] lstrlenW (lpString="name") returned 4 [0118.138] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ErrorDescription", cchCount2=16) returned 3 [0118.138] free (_Block=0x5aca00) [0118.138] IUnknown:Release (This=0x3bdc10) returned 0x1 [0118.138] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.138] malloc (_Size=0x18) returned 0x5aca00 [0118.139] IWbemClassObject:Get (in: This=0x3bdec0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorDescription", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ExtClock", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.139] free (_Block=0x5aca00) [0118.139] malloc (_Size=0x18) returned 0x5aca00 [0118.139] IWbemClassObject:Get (in: This=0x3bdec0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ErrorDescription", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ExtClock", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.139] free (_Block=0x5aca00) [0118.139] malloc (_Size=0x18) returned 0x5aca00 [0118.139] lstrlenW (lpString="ExtClock") returned 8 [0118.139] lstrlenW (lpString="name") returned 4 [0118.139] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ExtClock", cchCount2=8) returned 3 [0118.140] free (_Block=0x5aca00) [0118.140] IUnknown:Release (This=0x3bdec0) returned 0x1 [0118.140] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.140] malloc (_Size=0x18) returned 0x5aca00 [0118.140] IWbemClassObject:Get (in: This=0x3be170, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ExtClock", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Family", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.140] free (_Block=0x5aca00) [0118.140] malloc (_Size=0x18) returned 0x5aca00 [0118.140] IWbemClassObject:Get (in: This=0x3be170, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ExtClock", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Family", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.141] free (_Block=0x5aca00) [0118.141] malloc (_Size=0x18) returned 0x5aca00 [0118.141] lstrlenW (lpString="Family") returned 6 [0118.141] lstrlenW (lpString="name") returned 4 [0118.141] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Family", cchCount2=6) returned 3 [0118.166] free (_Block=0x5aca00) [0118.166] IUnknown:Release (This=0x3be170) returned 0x1 [0118.166] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.166] malloc (_Size=0x18) returned 0x5aca00 [0118.166] IWbemClassObject:Get (in: This=0x3be420, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Family", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.166] free (_Block=0x5aca00) [0118.167] malloc (_Size=0x18) returned 0x5aca00 [0118.167] IWbemClassObject:Get (in: This=0x3be420, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Family", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.167] free (_Block=0x5aca00) [0118.167] malloc (_Size=0x18) returned 0x5aca00 [0118.167] lstrlenW (lpString="InstallDate") returned 11 [0118.167] lstrlenW (lpString="name") returned 4 [0118.167] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="InstallDate", cchCount2=11) returned 3 [0118.167] free (_Block=0x5aca00) [0118.167] IUnknown:Release (This=0x3be420) returned 0x1 [0118.168] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.168] malloc (_Size=0x18) returned 0x5aca00 [0118.168] IWbemClassObject:Get (in: This=0x3be6d0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSize", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.168] free (_Block=0x5aca00) [0118.168] malloc (_Size=0x18) returned 0x5aca00 [0118.168] IWbemClassObject:Get (in: This=0x3be6d0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSize", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.168] free (_Block=0x5aca00) [0118.169] malloc (_Size=0x18) returned 0x5aca00 [0118.169] lstrlenW (lpString="L2CacheSize") returned 11 [0118.169] lstrlenW (lpString="name") returned 4 [0118.169] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="L2CacheSize", cchCount2=11) returned 3 [0118.169] free (_Block=0x5aca00) [0118.169] IUnknown:Release (This=0x3be6d0) returned 0x1 [0118.169] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.169] malloc (_Size=0x18) returned 0x5aca00 [0118.169] IWbemClassObject:Get (in: This=0x3be980, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSize", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.170] free (_Block=0x5aca00) [0118.170] malloc (_Size=0x18) returned 0x5aca00 [0118.170] IWbemClassObject:Get (in: This=0x3be980, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSize", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.170] free (_Block=0x5aca00) [0118.170] malloc (_Size=0x18) returned 0x5aca00 [0118.170] lstrlenW (lpString="L2CacheSpeed") returned 12 [0118.170] lstrlenW (lpString="name") returned 4 [0118.171] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="L2CacheSpeed", cchCount2=12) returned 3 [0118.171] free (_Block=0x5aca00) [0118.171] IUnknown:Release (This=0x3be980) returned 0x1 [0118.171] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.171] malloc (_Size=0x18) returned 0x5aca00 [0118.171] IWbemClassObject:Get (in: This=0x3bec30, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="LastErrorCode", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.171] free (_Block=0x5aca00) [0118.171] malloc (_Size=0x18) returned 0x5aca00 [0118.171] IWbemClassObject:Get (in: This=0x3bec30, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L2CacheSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastErrorCode", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.172] free (_Block=0x5aca00) [0118.172] malloc (_Size=0x18) returned 0x5aca00 [0118.172] lstrlenW (lpString="LastErrorCode") returned 13 [0118.172] lstrlenW (lpString="name") returned 4 [0118.172] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="LastErrorCode", cchCount2=13) returned 3 [0118.172] free (_Block=0x5aca00) [0118.172] IUnknown:Release (This=0x3bec30) returned 0x1 [0118.172] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.172] malloc (_Size=0x18) returned 0x5aca00 [0118.173] IWbemClassObject:Get (in: This=0x3beee0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="LastErrorCode", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Level", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.173] free (_Block=0x5aca00) [0118.173] malloc (_Size=0x18) returned 0x5aca00 [0118.173] IWbemClassObject:Get (in: This=0x3beee0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LastErrorCode", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Level", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.173] free (_Block=0x5aca00) [0118.174] malloc (_Size=0x18) returned 0x5aca00 [0118.174] lstrlenW (lpString="Level") returned 5 [0118.174] lstrlenW (lpString="name") returned 4 [0118.174] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Level", cchCount2=5) returned 3 [0118.174] free (_Block=0x5aca00) [0118.174] IUnknown:Release (This=0x3beee0) returned 0x1 [0118.174] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.174] malloc (_Size=0x18) returned 0x5aca00 [0118.174] IWbemClassObject:Get (in: This=0x3bf190, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Level", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="LoadPercentage", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.175] free (_Block=0x5aca00) [0118.175] malloc (_Size=0x18) returned 0x5aca00 [0118.175] IWbemClassObject:Get (in: This=0x3bf190, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Level", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LoadPercentage", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.175] free (_Block=0x5aca00) [0118.175] malloc (_Size=0x18) returned 0x5aca00 [0118.175] lstrlenW (lpString="LoadPercentage") returned 14 [0118.175] lstrlenW (lpString="name") returned 4 [0118.175] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="LoadPercentage", cchCount2=14) returned 3 [0118.176] free (_Block=0x5aca00) [0118.176] IUnknown:Release (This=0x3bf190) returned 0x1 [0118.176] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.176] malloc (_Size=0x18) returned 0x5aca00 [0118.176] IWbemClassObject:Get (in: This=0x3bf440, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="LoadPercentage", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.176] free (_Block=0x5aca00) [0118.176] malloc (_Size=0x18) returned 0x5aca00 [0118.176] IWbemClassObject:Get (in: This=0x3bf440, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LoadPercentage", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.176] free (_Block=0x5aca00) [0118.177] malloc (_Size=0x18) returned 0x5aca00 [0118.177] lstrlenW (lpString="Manufacturer") returned 12 [0118.177] lstrlenW (lpString="name") returned 4 [0118.177] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Manufacturer", cchCount2=12) returned 3 [0118.177] free (_Block=0x5aca00) [0118.177] IUnknown:Release (This=0x3bf440) returned 0x1 [0118.177] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.177] malloc (_Size=0x18) returned 0x5aca00 [0118.177] IWbemClassObject:Get (in: This=0x3bf6f0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="MaxClockSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.177] free (_Block=0x5aca00) [0118.178] malloc (_Size=0x18) returned 0x5aca00 [0118.178] IWbemClassObject:Get (in: This=0x3bf6f0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxClockSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.178] free (_Block=0x5aca00) [0118.178] malloc (_Size=0x18) returned 0x5aca00 [0118.178] lstrlenW (lpString="MaxClockSpeed") returned 13 [0118.178] lstrlenW (lpString="name") returned 4 [0118.178] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="MaxClockSpeed", cchCount2=13) returned 3 [0118.178] free (_Block=0x5aca00) [0118.179] IUnknown:Release (This=0x3bf6f0) returned 0x1 [0118.179] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.179] malloc (_Size=0x18) returned 0x5aca00 [0118.179] IWbemClassObject:Get (in: This=0x3bf9a0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="MaxClockSpeed", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.179] free (_Block=0x5aca00) [0118.179] malloc (_Size=0x18) returned 0x5aca00 [0118.179] IWbemClassObject:Get (in: This=0x3bf9a0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MaxClockSpeed", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.180] free (_Block=0x5aca00) [0118.180] malloc (_Size=0x18) returned 0x5aca00 [0118.180] lstrlenW (lpString="Name") returned 4 [0118.180] lstrlenW (lpString="name") returned 4 [0118.180] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Name", cchCount2=4) returned 2 [0118.180] free (_Block=0x5aca00) [0118.180] GetCurrentThreadId () returned 0xdf0 [0118.180] ??0CHString@@QEAA@XZ () returned 0x1aefb8 [0118.180] malloc (_Size=0x18) returned 0x5aca00 [0118.181] IWbemClassObject:Get (in: This=0x3bf9a0, wszName="Description", lFlags=0, pVal=0x1aefc8*(varType=0x0, wReserved1=0xff7d, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x0, varVal2=0x5aca00), pType=0x0, plFlavor=0x0 | out: pVal=0x1aefc8*(varType=0x1, wReserved1=0xff7d, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x0, varVal2=0x5aca00), pType=0x0, plFlavor=0x0) returned 0x0 [0118.181] free (_Block=0x5aca00) [0118.181] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.181] malloc (_Size=0x48) returned 0x5acc30 [0118.181] malloc (_Size=0x18) returned 0x5aca00 [0118.182] malloc (_Size=0x18) returned 0x5ac980 [0118.182] lstrlenA (lpString="") returned 0 [0118.182] malloc (_Size=0x2) returned 0x5acc80 [0118.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x5acc80, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0118.182] free (_Block=0x5acc80) [0118.182] free (_Block=0x5ac980) [0118.182] GetCurrentThreadId () returned 0xdf0 [0118.182] ??0CHString@@QEAA@XZ () returned 0x1aedb8 [0118.183] malloc (_Size=0x18) returned 0x5ac980 [0118.183] IWbemClassObject:Get (in: This=0x3bf9a0, wszName="Qualifiers", lFlags=0, pVal=0x1aee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x77995410, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1aee28*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x77995410, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0118.183] free (_Block=0x5ac980) [0118.183] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.183] malloc (_Size=0x18) returned 0x5ac980 [0118.183] malloc (_Size=0x18) returned 0x5acaa0 [0118.184] malloc (_Size=0x48) returned 0x5acc80 [0118.184] malloc (_Size=0x18) returned 0x5ac9a0 [0118.184] malloc (_Size=0x48) returned 0x5accd0 [0118.184] malloc (_Size=0x70) returned 0x5acd20 [0118.184] malloc (_Size=0x48) returned 0x5acda0 [0118.185] free (_Block=0x5accd0) [0118.185] free (_Block=0x5acc80) [0118.185] free (_Block=0x5acc30) [0118.186] IUnknown:Release (This=0x3bf9a0) returned 0x1 [0118.186] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.186] malloc (_Size=0x18) returned 0x5aca40 [0118.186] IWbemClassObject:Get (in: This=0x3bfc50, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x0, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1=0x379418, varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="OtherFamilyDescription", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.186] free (_Block=0x5aca40) [0118.186] malloc (_Size=0x18) returned 0x5aca40 [0118.186] IWbemClassObject:Get (in: This=0x3bfc50, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x379448, varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherFamilyDescription", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.186] free (_Block=0x5aca40) [0118.187] malloc (_Size=0x18) returned 0x5aca40 [0118.187] lstrlenW (lpString="OtherFamilyDescription") returned 22 [0118.187] lstrlenW (lpString="name") returned 4 [0118.187] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="OtherFamilyDescription", cchCount2=22) returned 1 [0118.187] free (_Block=0x5aca40) [0118.187] IUnknown:Release (This=0x3bfc50) returned 0x1 [0118.187] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.187] malloc (_Size=0x18) returned 0x5aca40 [0118.187] IWbemClassObject:Get (in: This=0x3bff00, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="OtherFamilyDescription", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PNPDeviceID", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.188] free (_Block=0x5aca40) [0118.188] malloc (_Size=0x18) returned 0x5aca40 [0118.188] IWbemClassObject:Get (in: This=0x3bff00, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="OtherFamilyDescription", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PNPDeviceID", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.188] free (_Block=0x5aca40) [0118.189] malloc (_Size=0x18) returned 0x5aca40 [0118.189] lstrlenW (lpString="PNPDeviceID") returned 11 [0118.189] lstrlenW (lpString="name") returned 4 [0118.189] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PNPDeviceID", cchCount2=11) returned 1 [0118.189] free (_Block=0x5aca40) [0118.189] IUnknown:Release (This=0x3bff00) returned 0x1 [0118.189] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.189] malloc (_Size=0x18) returned 0x5aca40 [0118.189] IWbemClassObject:Get (in: This=0x3c01b0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PNPDeviceID", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementCapabilities", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.190] free (_Block=0x5aca40) [0118.190] malloc (_Size=0x18) returned 0x5aca40 [0118.190] IWbemClassObject:Get (in: This=0x3c01b0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PNPDeviceID", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementCapabilities", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.190] free (_Block=0x5aca40) [0118.190] malloc (_Size=0x18) returned 0x5aca40 [0118.190] lstrlenW (lpString="PowerManagementCapabilities") returned 27 [0118.190] lstrlenW (lpString="name") returned 4 [0118.190] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PowerManagementCapabilities", cchCount2=27) returned 1 [0118.191] free (_Block=0x5aca40) [0118.191] IUnknown:Release (This=0x3c01b0) returned 0x1 [0118.191] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.191] malloc (_Size=0x18) returned 0x5aca40 [0118.191] IWbemClassObject:Get (in: This=0x3c0460, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementCapabilities", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementSupported", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.191] free (_Block=0x5aca40) [0118.191] malloc (_Size=0x18) returned 0x5aca40 [0118.191] IWbemClassObject:Get (in: This=0x3c0460, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementCapabilities", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementSupported", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.192] free (_Block=0x5aca40) [0118.192] malloc (_Size=0x18) returned 0x5aca40 [0118.192] lstrlenW (lpString="PowerManagementSupported") returned 24 [0118.192] lstrlenW (lpString="name") returned 4 [0118.192] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PowerManagementSupported", cchCount2=24) returned 1 [0118.192] free (_Block=0x5aca40) [0118.192] IUnknown:Release (This=0x3c0460) returned 0x1 [0118.192] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.192] malloc (_Size=0x18) returned 0x5aca40 [0118.193] IWbemClassObject:Get (in: This=0x3c0710, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementSupported", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorId", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.193] free (_Block=0x5aca40) [0118.193] malloc (_Size=0x18) returned 0x5aca40 [0118.193] IWbemClassObject:Get (in: This=0x3c0710, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="PowerManagementSupported", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorId", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.193] free (_Block=0x5aca40) [0118.193] malloc (_Size=0x18) returned 0x5aca40 [0118.193] lstrlenW (lpString="ProcessorId") returned 11 [0118.193] lstrlenW (lpString="name") returned 4 [0118.193] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ProcessorId", cchCount2=11) returned 1 [0118.194] free (_Block=0x5aca40) [0118.194] IUnknown:Release (This=0x3c0710) returned 0x1 [0118.194] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.194] malloc (_Size=0x18) returned 0x5aca40 [0118.194] IWbemClassObject:Get (in: This=0x3c09c0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorId", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorType", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.194] free (_Block=0x5aca40) [0118.194] malloc (_Size=0x18) returned 0x5aca40 [0118.194] IWbemClassObject:Get (in: This=0x3c09c0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorId", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorType", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.195] free (_Block=0x5aca40) [0118.195] malloc (_Size=0x18) returned 0x5aca40 [0118.195] lstrlenW (lpString="ProcessorType") returned 13 [0118.195] lstrlenW (lpString="name") returned 4 [0118.195] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ProcessorType", cchCount2=13) returned 1 [0118.195] free (_Block=0x5aca40) [0118.195] IUnknown:Release (This=0x3c09c0) returned 0x1 [0118.195] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.195] malloc (_Size=0x18) returned 0x5aca40 [0118.196] IWbemClassObject:Get (in: This=0x3c0c70, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorType", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Revision", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.196] free (_Block=0x5aca40) [0118.196] malloc (_Size=0x18) returned 0x5aca40 [0118.196] IWbemClassObject:Get (in: This=0x3c0c70, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ProcessorType", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Revision", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.196] free (_Block=0x5aca40) [0118.196] malloc (_Size=0x18) returned 0x5aca40 [0118.196] lstrlenW (lpString="Revision") returned 8 [0118.196] lstrlenW (lpString="name") returned 4 [0118.196] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Revision", cchCount2=8) returned 1 [0118.197] free (_Block=0x5aca40) [0118.197] IUnknown:Release (This=0x3c0c70) returned 0x1 [0118.197] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.197] malloc (_Size=0x18) returned 0x5aca40 [0118.197] IWbemClassObject:Get (in: This=0x3c0f20, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Revision", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Role", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.197] free (_Block=0x5aca40) [0118.197] malloc (_Size=0x18) returned 0x5aca40 [0118.197] IWbemClassObject:Get (in: This=0x3c0f20, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Revision", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Role", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.198] free (_Block=0x5aca40) [0118.198] malloc (_Size=0x18) returned 0x5aca40 [0118.198] lstrlenW (lpString="Role") returned 4 [0118.198] lstrlenW (lpString="name") returned 4 [0118.198] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Role", cchCount2=4) returned 1 [0118.198] free (_Block=0x5aca40) [0118.198] IUnknown:Release (This=0x3c0f20) returned 0x1 [0118.198] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.198] malloc (_Size=0x18) returned 0x5aca40 [0118.199] IWbemClassObject:Get (in: This=0x3c45b0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Role", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SocketDesignation", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.199] free (_Block=0x5aca40) [0118.199] malloc (_Size=0x18) returned 0x5aca40 [0118.199] IWbemClassObject:Get (in: This=0x3c45b0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Role", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SocketDesignation", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.199] free (_Block=0x5aca40) [0118.199] malloc (_Size=0x18) returned 0x5aca40 [0118.199] lstrlenW (lpString="SocketDesignation") returned 17 [0118.200] lstrlenW (lpString="name") returned 4 [0118.200] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SocketDesignation", cchCount2=17) returned 1 [0118.200] free (_Block=0x5aca40) [0118.200] IUnknown:Release (This=0x3c45b0) returned 0x1 [0118.200] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.200] malloc (_Size=0x18) returned 0x5aca40 [0118.200] IWbemClassObject:Get (in: This=0x3c4860, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SocketDesignation", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.200] free (_Block=0x5aca40) [0118.201] malloc (_Size=0x18) returned 0x5aca40 [0118.201] IWbemClassObject:Get (in: This=0x3c4860, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SocketDesignation", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.201] free (_Block=0x5aca40) [0118.201] malloc (_Size=0x18) returned 0x5aca40 [0118.201] lstrlenW (lpString="Status") returned 6 [0118.201] lstrlenW (lpString="name") returned 4 [0118.201] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Status", cchCount2=6) returned 1 [0118.201] free (_Block=0x5aca40) [0118.201] IUnknown:Release (This=0x3c4860) returned 0x1 [0118.202] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.202] malloc (_Size=0x18) returned 0x5aca40 [0118.202] IWbemClassObject:Get (in: This=0x3c4b10, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="StatusInfo", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.202] free (_Block=0x5aca40) [0118.202] malloc (_Size=0x18) returned 0x5aca40 [0118.202] IWbemClassObject:Get (in: This=0x3c4b10, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="StatusInfo", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.202] free (_Block=0x5aca40) [0118.202] malloc (_Size=0x18) returned 0x5aca40 [0118.203] lstrlenW (lpString="StatusInfo") returned 10 [0118.203] lstrlenW (lpString="name") returned 4 [0118.203] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="StatusInfo", cchCount2=10) returned 1 [0118.203] free (_Block=0x5aca40) [0118.203] IUnknown:Release (This=0x3c4b10) returned 0x1 [0118.203] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.203] malloc (_Size=0x18) returned 0x5aca40 [0118.203] IWbemClassObject:Get (in: This=0x3c4dc0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="StatusInfo", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Stepping", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.203] free (_Block=0x5aca40) [0118.204] malloc (_Size=0x18) returned 0x5aca40 [0118.216] IWbemClassObject:Get (in: This=0x3c4dc0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="StatusInfo", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Stepping", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.216] free (_Block=0x5aca40) [0118.216] malloc (_Size=0x18) returned 0x5aca40 [0118.217] lstrlenW (lpString="Stepping") returned 8 [0118.217] lstrlenW (lpString="name") returned 4 [0118.217] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Stepping", cchCount2=8) returned 1 [0118.217] free (_Block=0x5aca40) [0118.217] IUnknown:Release (This=0x3c4dc0) returned 0x1 [0118.217] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.217] malloc (_Size=0x18) returned 0x5aca40 [0118.217] IWbemClassObject:Get (in: This=0x3c5070, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Stepping", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SystemCreationClassName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.217] free (_Block=0x5aca40) [0118.218] malloc (_Size=0x18) returned 0x5aca40 [0118.218] IWbemClassObject:Get (in: This=0x3c5070, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Stepping", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemCreationClassName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.218] free (_Block=0x5aca40) [0118.218] malloc (_Size=0x18) returned 0x5aca40 [0118.218] lstrlenW (lpString="SystemCreationClassName") returned 23 [0118.218] lstrlenW (lpString="name") returned 4 [0118.218] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SystemCreationClassName", cchCount2=23) returned 1 [0118.218] free (_Block=0x5aca40) [0118.218] IUnknown:Release (This=0x3c5070) returned 0x1 [0118.218] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.219] malloc (_Size=0x18) returned 0x5aca40 [0118.219] IWbemClassObject:Get (in: This=0x3c5320, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SystemCreationClassName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SystemName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.219] free (_Block=0x5aca40) [0118.219] malloc (_Size=0x18) returned 0x5aca40 [0118.219] IWbemClassObject:Get (in: This=0x3c5320, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemCreationClassName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.222] free (_Block=0x5aca40) [0118.222] malloc (_Size=0x18) returned 0x5aca40 [0118.222] lstrlenW (lpString="SystemName") returned 10 [0118.222] lstrlenW (lpString="name") returned 4 [0118.222] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SystemName", cchCount2=10) returned 1 [0118.223] free (_Block=0x5aca40) [0118.223] IUnknown:Release (This=0x3c5320) returned 0x1 [0118.223] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.223] malloc (_Size=0x18) returned 0x5aca40 [0118.223] IWbemClassObject:Get (in: This=0x3c55d0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="SystemName", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="UniqueId", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.223] free (_Block=0x5aca40) [0118.223] malloc (_Size=0x18) returned 0x5aca40 [0118.223] IWbemClassObject:Get (in: This=0x3c55d0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemName", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UniqueId", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.224] free (_Block=0x5aca40) [0118.224] malloc (_Size=0x18) returned 0x5aca40 [0118.224] lstrlenW (lpString="UniqueId") returned 8 [0118.224] lstrlenW (lpString="name") returned 4 [0118.224] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="UniqueId", cchCount2=8) returned 1 [0118.224] free (_Block=0x5aca40) [0118.224] IUnknown:Release (This=0x3c55d0) returned 0x1 [0118.224] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.224] malloc (_Size=0x18) returned 0x5aca40 [0118.225] IWbemClassObject:Get (in: This=0x3c5880, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="UniqueId", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="UpgradeMethod", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.225] free (_Block=0x5aca40) [0118.225] malloc (_Size=0x18) returned 0x5aca40 [0118.225] IWbemClassObject:Get (in: This=0x3c5880, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UniqueId", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UpgradeMethod", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.225] free (_Block=0x5aca40) [0118.225] malloc (_Size=0x18) returned 0x5aca40 [0118.225] lstrlenW (lpString="UpgradeMethod") returned 13 [0118.225] lstrlenW (lpString="name") returned 4 [0118.226] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="UpgradeMethod", cchCount2=13) returned 1 [0118.226] free (_Block=0x5aca40) [0118.226] IUnknown:Release (This=0x3c5880) returned 0x1 [0118.226] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.226] malloc (_Size=0x18) returned 0x5aca40 [0118.226] IWbemClassObject:Get (in: This=0x3c5b30, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="UpgradeMethod", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.226] free (_Block=0x5aca40) [0118.226] malloc (_Size=0x18) returned 0x5aca40 [0118.227] IWbemClassObject:Get (in: This=0x3c5b30, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UpgradeMethod", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.227] free (_Block=0x5aca40) [0118.227] malloc (_Size=0x18) returned 0x5aca40 [0118.227] lstrlenW (lpString="Version") returned 7 [0118.227] lstrlenW (lpString="name") returned 4 [0118.227] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Version", cchCount2=7) returned 1 [0118.227] free (_Block=0x5aca40) [0118.227] IUnknown:Release (This=0x3c5b30) returned 0x1 [0118.227] SafeArrayGetElement (in: psa=0x3993b0, rgIndices=0x1af0e8, pv=0x1af098 | out: pv=0x1af098) returned 0x0 [0118.227] malloc (_Size=0x18) returned 0x5aca40 [0118.228] IWbemClassObject:Get (in: This=0x3c5de0, wszName="Name", lFlags=0, pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xffa08408), pType=0x0, plFlavor=0x0 | out: pVal=0x1af198*(varType=0x8, wReserved1=0x802, wReserved2=0x0, wReserved3=0x0, varVal1="VoltageCaps", varVal2=0xffa08408), pType=0x0, plFlavor=0x0) returned 0x0 [0118.228] free (_Block=0x5aca40) [0118.228] malloc (_Size=0x18) returned 0x5aca40 [0118.228] IWbemClassObject:Get (in: This=0x3c5de0, wszName="Derivation", lFlags=0, pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0 | out: pVal=0x1af1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VoltageCaps", varVal2=0xff9f3668), pType=0x0, plFlavor=0x0) returned 0x0 [0118.228] free (_Block=0x5aca40) [0118.228] malloc (_Size=0x18) returned 0x5aca40 [0118.228] lstrlenW (lpString="VoltageCaps") returned 11 [0118.228] lstrlenW (lpString="name") returned 4 [0118.228] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VoltageCaps", cchCount2=11) returned 1 [0118.229] free (_Block=0x5aca40) [0118.229] IUnknown:Release (This=0x3c5de0) returned 0x1 [0118.229] IUnknown:Release (This=0x378730) returned 0x1 [0118.229] IUnknown:Release (This=0x378260) returned 0x0 [0118.232] free (_Block=0x5aca20) [0118.232] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.232] free (_Block=0x5acc10) [0118.232] malloc (_Size=0x70) returned 0x5acc10 [0118.232] malloc (_Size=0x70) returned 0x5acc90 [0118.232] malloc (_Size=0x48) returned 0x5acdf0 [0118.232] malloc (_Size=0x8) returned 0x5ace40 [0118.232] lstrlenW (lpString="name") returned 4 [0118.232] lstrlenW (lpString="Name") returned 4 [0118.232] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="name", cchCount2=4) returned 2 [0118.233] SysStringLen (param_1="Name") returned 0x4 [0118.233] malloc (_Size=0xa) returned 0x5aca20 [0118.233] SysStringLen (param_1="Name") returned 0x4 [0118.233] malloc (_Size=0x8) returned 0x5ace60 [0118.233] free (_Block=0x5ac9c0) [0118.233] lstrlenW (lpString="Name") returned 4 [0118.233] malloc (_Size=0xa) returned 0x5ac9c0 [0118.233] lstrlenW (lpString="Name") returned 4 [0118.233] free (_Block=0x5aca20) [0118.233] free (_Block=0x5ace60) [0118.234] free (_Block=0x5ace40) [0118.234] free (_Block=0x5acdf0) [0118.234] free (_Block=0x5acc90) [0118.235] free (_Block=0x5acc10) [0118.235] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.235] malloc (_Size=0x3c) returned 0x5acc10 [0118.235] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.235] wcstok (in: _String="Select * from WIN32_PROCESSOR", _Delimiter=" ", _Context=0xffffffffffffff40 | out: _String="Select", _Context=0xffffffffffffff40) returned="Select" [0118.235] malloc (_Size=0x18) returned 0x5aca20 [0118.235] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0118.236] lstrlenW (lpString="FROM") returned 4 [0118.236] lstrlenW (lpString="*") returned 1 [0118.236] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0118.236] malloc (_Size=0x18) returned 0x5aca40 [0118.236] free (_Block=0x5aca20) [0118.236] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e013800700006 | out: _String=0x0, _Context=0x6e013800700006) returned="from" [0118.236] lstrlenW (lpString="FROM") returned 4 [0118.236] lstrlenW (lpString="from") returned 4 [0118.236] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0118.236] malloc (_Size=0x18) returned 0x5aca20 [0118.237] free (_Block=0x5aca40) [0118.237] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e013900700006 | out: _String=0x0, _Context=0x6e013900700006) returned="WIN32_PROCESSOR" [0118.237] malloc (_Size=0x18) returned 0x5aca40 [0118.237] free (_Block=0x5aca20) [0118.237] free (_Block=0x5acc10) [0118.238] free (_Block=0x5aca40) [0118.238] lstrlenW (lpString="SET") returned 3 [0118.238] lstrlenW (lpString="get") returned 3 [0118.238] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1 [0118.238] lstrlenW (lpString="CREATE") returned 6 [0118.238] lstrlenW (lpString="get") returned 3 [0118.238] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="CREATE", cchCount2=6) returned 3 [0118.238] free (_Block=0x5ac920) [0118.238] malloc (_Size=0x8) returned 0x5acc10 [0118.238] lstrlenW (lpString="GET") returned 3 [0118.238] lstrlenW (lpString="get") returned 3 [0118.238] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0118.239] free (_Block=0x5ac8e0) [0118.239] malloc (_Size=0x18) returned 0x5ac8e0 [0118.239] free (_Block=0x5ac8c0) [0118.239] malloc (_Size=0x18) returned 0x5ac8c0 [0118.239] ??0CHString@@QEAA@XZ () returned 0x1af6a8 [0118.239] malloc (_Size=0x18) returned 0x5ac920 [0118.239] malloc (_Size=0x20) returned 0x5acc30 [0118.240] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x379418, _SourceSize=0x14 | out: _Destination=0x5acc30) returned 0x0 [0118.240] lstrlenW (lpString="&") returned 1 [0118.240] lstrlenW (lpString="&") returned 5 [0118.240] lstrlenW (lpString="<") returned 1 [0118.240] lstrlenW (lpString="<") returned 4 [0118.240] lstrlenW (lpString=">") returned 1 [0118.240] lstrlenW (lpString=">") returned 4 [0118.240] lstrlenW (lpString="'") returned 1 [0118.240] lstrlenW (lpString="'") returned 6 [0118.240] lstrlenW (lpString="\"") returned 1 [0118.240] lstrlenW (lpString=""") returned 6 [0118.240] malloc (_Size=0x18) returned 0x5aca40 [0118.241] free (_Block=0x5ac920) [0118.241] free (_Block=0x5acc30) [0118.241] ?Format@CHString@@QEAAXPEBGZZ () returned 0x5acdfc [0118.241] malloc (_Size=0x18) returned 0x5ac920 [0118.241] malloc (_Size=0x18) returned 0x5aca20 [0118.242] SysStringLen (param_1="") returned 0x0 [0118.242] SysStringLen (param_1="") returned 0x1b [0118.242] memcpy (in: _Dst=0x376628, _Src=0x36f698, _Size=0x2 | out: _Dst=0x376628) returned 0x376628 [0118.242] memcpy (in: _Dst=0x376628, _Src=0x3765d8, _Size=0x38 | out: _Dst=0x376628) returned 0x376628 [0118.242] free (_Block=0x5ac8c0) [0118.242] free (_Block=0x5ac920) [0118.242] free (_Block=0x5aca40) [0118.242] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.242] WbemLocator:IUnknown:AddRef (This=0x31cba0) returned 0x3 [0118.242] free (_Block=0x5a7fb0) [0118.242] lstrlenW (lpString="") returned 0 [0118.243] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0118.243] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0118.243] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0118.243] malloc (_Size=0x16) returned 0x5aca40 [0118.243] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0118.243] GetCurrentThreadId () returned 0xdf0 [0118.243] GetCurrentProcess () returned 0xffffffffffffffff [0118.243] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1af520 | out: TokenHandle=0x1af520*=0x26c) returned 1 [0118.243] GetTokenInformation (in: TokenHandle=0x26c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1af518 | out: TokenInformation=0x0, ReturnLength=0x1af518) returned 0 [0118.243] malloc (_Size=0x118) returned 0x5acdf0 [0118.244] GetTokenInformation (in: TokenHandle=0x26c, TokenInformationClass=0x3, TokenInformation=0x5acdf0, TokenInformationLength=0x118, ReturnLength=0x1af518 | out: TokenInformation=0x5acdf0, ReturnLength=0x1af518) returned 1 [0118.244] AdjustTokenPrivileges (in: TokenHandle=0x26c, DisableAllPrivileges=0, NewState=0x5acdf0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=456443809, Attributes=0x84fa), (Luid.LowPart=0x0, Luid.HighPart=5950512, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0118.244] free (_Block=0x5acdf0) [0118.244] CloseHandle (hObject=0x26c) returned 1 [0118.244] lstrlenW (lpString="GET") returned 3 [0118.244] lstrlenW (lpString="get") returned 3 [0118.245] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0118.245] malloc (_Size=0x18) returned 0x5ac920 [0118.245] lstrlenA (lpString="") returned 0 [0118.245] malloc (_Size=0x2) returned 0x5a7fb0 [0118.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x5a7fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0118.245] free (_Block=0x5a7fb0) [0118.245] malloc (_Size=0x18) returned 0x5ac8c0 [0118.245] lstrlenA (lpString="") returned 0 [0118.246] malloc (_Size=0x2) returned 0x5a7fb0 [0118.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x5a7fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0118.246] free (_Block=0x5a7fb0) [0118.246] malloc (_Size=0x18) returned 0x5aca60 [0118.246] lstrlenA (lpString="") returned 0 [0118.246] malloc (_Size=0x2) returned 0x5ace20 [0118.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x5ace20, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0118.246] free (_Block=0x5ace20) [0118.246] malloc (_Size=0x18) returned 0x5aca80 [0118.246] lstrlenA (lpString="") returned 0 [0118.247] malloc (_Size=0x2) returned 0x5ace20 [0118.247] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x5ace20, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0118.247] free (_Block=0x5ace20) [0118.247] malloc (_Size=0x18) returned 0x5acac0 [0118.247] malloc (_Size=0x18) returned 0x5acae0 [0118.247] SysStringLen (param_1="") returned 0x0 [0118.247] SysStringLen (param_1="Name") returned 0x4 [0118.247] memcpy (in: _Dst=0x3cb788, _Src=0x379418, _Size=0x2 | out: _Dst=0x3cb788) returned 0x3cb788 [0118.247] memcpy (in: _Dst=0x3cb788, _Src=0x39d178, _Size=0xa | out: _Dst=0x3cb788) returned 0x3cb788 [0118.247] free (_Block=0x5ac920) [0118.248] free (_Block=0x5acac0) [0118.248] lstrlenW (lpString="__CLASS") returned 7 [0118.248] lstrlenW (lpString="Name") returned 4 [0118.248] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__CLASS", cchCount2=7) returned 3 [0118.248] lstrlenW (lpString="__DERIVATION") returned 12 [0118.248] lstrlenW (lpString="Name") returned 4 [0118.248] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__DERIVATION", cchCount2=12) returned 3 [0118.248] lstrlenW (lpString="__DYNASTY") returned 9 [0118.248] lstrlenW (lpString="Name") returned 4 [0118.248] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__DYNASTY", cchCount2=9) returned 3 [0118.248] lstrlenW (lpString="__GENUS") returned 7 [0118.249] lstrlenW (lpString="Name") returned 4 [0118.249] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__GENUS", cchCount2=7) returned 3 [0118.249] lstrlenW (lpString="__NAMESPACE") returned 11 [0118.249] lstrlenW (lpString="Name") returned 4 [0118.249] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__NAMESPACE", cchCount2=11) returned 3 [0118.249] lstrlenW (lpString="__PATH") returned 6 [0118.249] lstrlenW (lpString="Name") returned 4 [0118.249] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__PATH", cchCount2=6) returned 3 [0118.249] lstrlenW (lpString="__PROPERTYCOUNT") returned 15 [0118.249] lstrlenW (lpString="Name") returned 4 [0118.249] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3 [0118.249] lstrlenW (lpString="__RELPATH") returned 9 [0118.250] lstrlenW (lpString="Name") returned 4 [0118.250] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__RELPATH", cchCount2=9) returned 3 [0118.250] lstrlenW (lpString="__SERVER") returned 8 [0118.250] lstrlenW (lpString="Name") returned 4 [0118.250] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__SERVER", cchCount2=8) returned 3 [0118.250] lstrlenW (lpString="__SUPERCLASS") returned 12 [0118.250] lstrlenW (lpString="Name") returned 4 [0118.250] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__SUPERCLASS", cchCount2=12) returned 3 [0118.250] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.250] malloc (_Size=0x3c) returned 0x5acc30 [0118.250] lstrlenW (lpString="Select * from WIN32_PROCESSOR") returned 29 [0118.257] wcstok (in: _String="Select * from WIN32_PROCESSOR", _Delimiter=" ", _Context=0xffffffffffffff20 | out: _String="Select", _Context=0xffffffffffffff20) returned="Select" [0118.258] malloc (_Size=0x18) returned 0x5acac0 [0118.258] free (_Block=0x5ac8c0) [0118.258] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e0145005c0003 | out: _String=0x0, _Context=0x6e0145005c0003) returned="*" [0118.258] lstrlenW (lpString="FROM") returned 4 [0118.258] lstrlenW (lpString="*") returned 1 [0118.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0118.259] malloc (_Size=0x18) returned 0x5ac8c0 [0118.259] free (_Block=0x5acac0) [0118.259] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e0146005c0003 | out: _String=0x0, _Context=0x6e0146005c0003) returned="from" [0118.259] lstrlenW (lpString="FROM") returned 4 [0118.259] lstrlenW (lpString="from") returned 4 [0118.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0118.259] malloc (_Size=0x18) returned 0x5acac0 [0118.260] free (_Block=0x5ac8c0) [0118.260] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e0147005c0003 | out: _String=0x0, _Context=0x6e0147005c0003) returned="WIN32_PROCESSOR" [0118.260] malloc (_Size=0x18) returned 0x5ac8c0 [0118.260] free (_Block=0x5acac0) [0118.260] free (_Block=0x5acc30) [0118.260] malloc (_Size=0x18) returned 0x5acac0 [0118.260] lstrlenA (lpString=" FROM ") returned 6 [0118.261] malloc (_Size=0xe) returned 0x5ac920 [0118.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=" FROM ", cbMultiByte=-1, lpWideCharStr=0x5ac920, cchWideChar=7 | out: lpWideCharStr=" FROM ") returned 7 [0118.261] free (_Block=0x5ac920) [0118.261] malloc (_Size=0x18) returned 0x5ac920 [0118.261] lstrlenA (lpString="SELECT ") returned 7 [0118.261] malloc (_Size=0x10) returned 0x5acb00 [0118.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="SELECT ", cbMultiByte=-1, lpWideCharStr=0x5acb00, cchWideChar=8 | out: lpWideCharStr="SELECT ") returned 8 [0118.261] free (_Block=0x5acb00) [0118.261] malloc (_Size=0x18) returned 0x5acb00 [0118.261] SysStringLen (param_1="SELECT ") returned 0x7 [0118.261] SysStringLen (param_1="Name") returned 0x4 [0118.262] memcpy (in: _Dst=0x3cb7b8, _Src=0x379418, _Size=0x10 | out: _Dst=0x3cb7b8) returned 0x3cb7b8 [0118.262] memcpy (in: _Dst=0x3cb7c6, _Src=0x3cb788, _Size=0xa | out: _Dst=0x3cb7c6) returned 0x3cb7c6 [0118.262] malloc (_Size=0x18) returned 0x5acb20 [0118.262] SysStringLen (param_1="SELECT Name") returned 0xb [0118.262] SysStringLen (param_1=" FROM ") returned 0x6 [0118.262] memcpy (in: _Dst=0x3765d8, _Src=0x3cb7b8, _Size=0x18 | out: _Dst=0x3765d8) returned 0x3765d8 [0118.262] memcpy (in: _Dst=0x3765ee, _Src=0x39d178, _Size=0xe | out: _Dst=0x3765ee) returned 0x3765ee [0118.262] malloc (_Size=0x18) returned 0x5ad220 [0118.263] SysStringLen (param_1="SELECT Name FROM ") returned 0x11 [0118.263] SysStringLen (param_1="WIN32_PROCESSOR") returned 0xf [0118.263] memcpy (in: _Dst=0x38f698, _Src=0x3765d8, _Size=0x24 | out: _Dst=0x38f698) returned 0x38f698 [0118.263] memcpy (in: _Dst=0x38f6ba, _Src=0x399328, _Size=0x20 | out: _Dst=0x38f6ba) returned 0x38f6ba [0118.263] free (_Block=0x5aca60) [0118.263] free (_Block=0x5acb20) [0118.263] free (_Block=0x5acb00) [0118.264] free (_Block=0x5ac920) [0118.264] free (_Block=0x5acac0) [0118.264] ??0CHString@@QEAA@XZ () returned 0x1ab3d0 [0118.264] GetCurrentThreadId () returned 0xdf0 [0118.264] CoCreateInstance (in: rclsid=0xff9f73d0*(Data1=0x8d1c559d, Data2=0x84f0, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xd5, [2]=0x56, [3]=0xa7, [4]=0x43, [5]=0x5a, [6]=0x9b, [7]=0xa6)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff9f73e0*(Data1=0xbfbf883a, Data2=0xcad7, Data3=0x11d3, Data4=([0]=0xa1, [1]=0x1b, [2]=0x0, [3]=0x10, [4]=0x5a, [5]=0x1f, [6]=0x51, [7]=0x5a)), ppv=0xffa629c0 | out: ppv=0xffa629c0*=0x3993c0) returned 0x0 [0118.271] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.271] ??0CHString@@QEAA@XZ () returned 0x1ab3d0 [0118.271] GetCurrentThreadId () returned 0xdf0 [0118.271] malloc (_Size=0x18) returned 0x5acac0 [0118.271] malloc (_Size=0x18) returned 0x5ac920 [0118.272] malloc (_Size=0x18) returned 0x5acb00 [0118.272] malloc (_Size=0x18) returned 0x5acb20 [0118.272] malloc (_Size=0x18) returned 0x5aca60 [0118.272] SysStringLen (param_1="\\\\") returned 0x2 [0118.272] SysStringLen (param_1="Q9IATRKPRH") returned 0xa [0118.272] memcpy (in: _Dst=0x3765d8, _Src=0x379418, _Size=0x6 | out: _Dst=0x3765d8) returned 0x3765d8 [0118.272] memcpy (in: _Dst=0x3765dc, _Src=0x3cb7b8, _Size=0x16 | out: _Dst=0x3765dc) returned 0x3765dc [0118.272] malloc (_Size=0x18) returned 0x5ad240 [0118.272] SysStringLen (param_1="\\\\Q9IATRKPRH") returned 0xc [0118.272] SysStringLen (param_1="\\") returned 0x1 [0118.273] memcpy (in: _Dst=0x3cac08, _Src=0x3765d8, _Size=0x1a | out: _Dst=0x3cac08) returned 0x3cac08 [0118.273] memcpy (in: _Dst=0x3cac20, _Src=0x36f698, _Size=0x4 | out: _Dst=0x3cac20) returned 0x3cac20 [0118.273] malloc (_Size=0x18) returned 0x5ad260 [0118.273] SysStringLen (param_1="\\\\Q9IATRKPRH\\") returned 0xd [0118.273] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0118.273] memcpy (in: _Dst=0x376678, _Src=0x3cac08, _Size=0x1c | out: _Dst=0x376678) returned 0x376678 [0118.273] memcpy (in: _Dst=0x376692, _Src=0x394d08, _Size=0x16 | out: _Dst=0x376692) returned 0x376692 [0118.273] free (_Block=0x5ad240) [0118.273] free (_Block=0x5aca60) [0118.273] free (_Block=0x5acb20) [0118.274] free (_Block=0x5acb00) [0118.274] free (_Block=0x5ac920) [0118.274] free (_Block=0x5acac0) [0118.274] malloc (_Size=0x18) returned 0x5acac0 [0118.274] malloc (_Size=0x18) returned 0x5ac920 [0118.274] malloc (_Size=0x18) returned 0x5acb00 [0118.274] WbemLocator:IWbemLocator:ConnectServer (in: This=0x31cba0, strNetworkResource="\\\\Q9IATRKPRH\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffa629d0 | out: ppNamespace=0xffa629d0*=0x386660) returned 0x0 [0118.309] free (_Block=0x5acb00) [0118.309] free (_Block=0x5ac920) [0118.310] free (_Block=0x5acac0) [0118.310] CoSetProxyBlanket (pProxy=0x386660, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0118.311] free (_Block=0x5ad260) [0118.311] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.311] ??0CHString@@QEAA@XZ () returned 0x1ab2e0 [0118.311] GetCurrentThreadId () returned 0xdf0 [0118.311] free (_Block=0x5aca80) [0118.311] malloc (_Size=0x18) returned 0x5aca80 [0118.312] ??0CHString@@QEAA@XZ () returned 0x1ab290 [0118.312] GetCurrentThreadId () returned 0xdf0 [0118.312] CoCreateInstanceEx (in: Clsid=0xff9f73b0*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), punkOuter=0x0, dwClsCtx=0x1, pServerInfo=0x0, dwCount=0x1, pResults=0x1ab240 | out: pResults=((pIID=0xff9f7380*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pItf=0x398510, hr=0x0))) returned 0x0 [0118.318] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.318] malloc (_Size=0x18) returned 0x5acac0 [0118.319] IWbemServices:ExecQuery (in: This=0x386660, strQueryLanguage="WQL", strQuery="SELECT Name FROM WIN32_PROCESSOR", lFlags=48, pCtx=0x0, ppEnum=0x1ab2f0 | out: ppEnum=0x1ab2f0*=0x378dd0) returned 0x0 [0118.331] free (_Block=0x5acac0) [0118.331] malloc (_Size=0x18) returned 0x5acac0 [0118.331] WbemContext:IWbemContext:SetValue (This=0x398510, wszName="ExcludeSystemProperties", lFlags=0, pValue=0x1ab350*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0)) returned 0x0 [0118.331] free (_Block=0x5acac0) [0118.331] CoSetProxyBlanket (pProxy=0x378dd0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0118.409] IEnumWbemClassObject:Next (in: This=0x378dd0, lTimeout=-1, uCount=0x1, apObjects=0x1ab2f8, puReturned=0x1ab310 | out: apObjects=0x1ab2f8*=0x3c5de0, puReturned=0x1ab310*=0x1) returned 0x0 [0118.494] WbemObjectTextSrc:IWbemObjectTextSrc:GetText (in: This=0x3993c0, lFlags=0, pObj=0x3c5de0, uObjTextFormat=0x1, pCtx=0x398510, strText=0x1ab300 | out: strText=0x1ab300*="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x0 [0118.520] malloc (_Size=0x18) returned 0x5acac0 [0118.520] malloc (_Size=0x18) returned 0x5ac920 [0118.520] SysStringLen (param_1="") returned 0x5 [0118.520] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x96 [0118.521] memcpy (in: _Dst=0x3a3db8, _Src=0x379418, _Size=0xc | out: _Dst=0x3a3db8) returned 0x3a3db8 [0118.521] memcpy (in: _Dst=0x3a3dc2, _Src=0x3a3b18, _Size=0x12e | out: _Dst=0x3a3dc2) returned 0x3a3dc2 [0118.521] free (_Block=0x5aca80) [0118.521] free (_Block=0x5acac0) [0118.521] IUnknown:Release (This=0x3c5de0) returned 0x0 [0118.521] IEnumWbemClassObject:Next (in: This=0x378dd0, lTimeout=-1, uCount=0x1, apObjects=0x1ab2f8, puReturned=0x1ab310 | out: apObjects=0x1ab2f8*=0x0, puReturned=0x1ab310*=0x0) returned 0x1 [0118.532] malloc (_Size=0x18) returned 0x5acac0 [0118.532] malloc (_Size=0x18) returned 0x5aca80 [0118.532] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x9b [0118.532] SysStringLen (param_1="") returned 0x6 [0118.532] memcpy (in: _Dst=0x3a3f08, _Src=0x3a3db8, _Size=0x138 | out: _Dst=0x3a3f08) returned 0x3a3f08 [0118.532] memcpy (in: _Dst=0x3a403e, _Src=0x3cbab8, _Size=0xe | out: _Dst=0x3a403e) returned 0x3a403e [0118.532] free (_Block=0x5ac920) [0118.533] free (_Block=0x5acac0) [0118.533] free (_Block=0x5aca80) [0118.533] malloc (_Size=0x18) returned 0x5aca80 [0118.533] IUnknown:Release (This=0x378dd0) returned 0x0 [0118.537] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.538] free (_Block=0x5aca80) [0118.538] free (_Block=0x5ad220) [0118.538] free (_Block=0x5ac8c0) [0118.538] free (_Block=0x5acae0) [0118.538] malloc (_Size=0x18) returned 0x5acae0 [0118.538] malloc (_Size=0x18) returned 0x5ac8c0 [0118.538] SysStringLen (param_1="") returned 0x1b [0118.538] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0xa1 [0118.539] memcpy (in: _Dst=0x3c13d8, _Src=0x376628, _Size=0x38 | out: _Dst=0x3c13d8) returned 0x3c13d8 [0118.539] memcpy (in: _Dst=0x3c140e, _Src=0x3a3f08, _Size=0x144 | out: _Dst=0x3c140e) returned 0x3c140e [0118.539] free (_Block=0x5aca20) [0118.539] free (_Block=0x5acae0) [0118.539] malloc (_Size=0x18) returned 0x5acae0 [0118.539] malloc (_Size=0x18) returned 0x5aca20 [0118.539] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0xbc [0118.539] SysStringLen (param_1="") returned 0xa [0118.540] memcpy (in: _Dst=0x3a36b8, _Src=0x3c13d8, _Size=0x17a | out: _Dst=0x3a36b8) returned 0x3a36b8 [0118.540] memcpy (in: _Dst=0x3a3830, _Src=0x3cbab8, _Size=0x16 | out: _Dst=0x3a3830) returned 0x3a3830 [0118.540] free (_Block=0x5ac8c0) [0118.540] free (_Block=0x5acae0) [0118.540] ??0CHString@@QEAA@XZ () returned 0x1af580 [0118.540] malloc (_Size=0x18) returned 0x5acae0 [0118.540] malloc (_Size=0x20) returned 0x5acc30 [0118.540] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x3cbab8, _SourceSize=0x14 | out: _Destination=0x5acc30) returned 0x0 [0118.540] lstrlenW (lpString="&") returned 1 [0118.540] lstrlenW (lpString="&") returned 5 [0118.540] lstrlenW (lpString="<") returned 1 [0118.541] lstrlenW (lpString="<") returned 4 [0118.541] lstrlenW (lpString=">") returned 1 [0118.541] lstrlenW (lpString=">") returned 4 [0118.541] lstrlenW (lpString="'") returned 1 [0118.541] lstrlenW (lpString="'") returned 6 [0118.541] lstrlenW (lpString="\"") returned 1 [0118.541] lstrlenW (lpString=""") returned 6 [0118.541] malloc (_Size=0x18) returned 0x5ac8c0 [0118.541] free (_Block=0x5acae0) [0118.542] free (_Block=0x5acc30) [0118.542] ?Format@CHString@@QEAAXPEBGZZ () returned 0x5ad9fc [0118.542] malloc (_Size=0x18) returned 0x5acae0 [0118.542] free (_Block=0x5ac8e0) [0118.542] free (_Block=0x5ac8c0) [0118.543] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.543] ??0CHString@@QEAA@XZ () returned 0x1af578 [0118.543] malloc (_Size=0x18) returned 0x5ac8c0 [0118.543] malloc (_Size=0x18) returned 0x5ac8e0 [0118.543] malloc (_Size=0x20) returned 0x5acc30 [0118.543] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x3765d8, _SourceSize=0x1a | out: _Destination=0x5acc30) returned 0x0 [0118.543] lstrlenW (lpString="&") returned 1 [0118.543] lstrlenW (lpString="&") returned 5 [0118.543] lstrlenW (lpString="<") returned 1 [0118.543] lstrlenW (lpString="<") returned 4 [0118.544] lstrlenW (lpString=">") returned 1 [0118.544] lstrlenW (lpString=">") returned 4 [0118.544] lstrlenW (lpString="'") returned 1 [0118.544] lstrlenW (lpString="'") returned 6 [0118.544] lstrlenW (lpString="\"") returned 1 [0118.544] lstrlenW (lpString=""") returned 6 [0118.544] malloc (_Size=0x18) returned 0x5aca80 [0118.544] free (_Block=0x5ac8e0) [0118.545] free (_Block=0x5acc30) [0118.545] ?Format@CHString@@QEAAXPEBGZZ () returned 0x5ad9fc [0118.545] malloc (_Size=0x18) returned 0x5ac8e0 [0118.545] malloc (_Size=0x18) returned 0x5acac0 [0118.545] SysStringLen (param_1="") returned 0x9 [0118.545] SysStringLen (param_1=" cpu get name") returned 0x28 [0118.545] memcpy (in: _Dst=0x38f698, _Src=0x3cbab8, _Size=0x14 | out: _Dst=0x38f698) returned 0x38f698 [0118.545] memcpy (in: _Dst=0x38f6aa, _Src=0x390678, _Size=0x52 | out: _Dst=0x38f6aa) returned 0x38f6aa [0118.545] free (_Block=0x5ac8c0) [0118.546] free (_Block=0x5ac8e0) [0118.546] ??0CHString@@QEAA@XZ () returned 0x1af568 [0118.546] malloc (_Size=0x18) returned 0x5ac8e0 [0118.546] ??0CHString@@QEAA@XZ () returned 0x1af4f8 [0118.546] malloc (_Size=0x18) returned 0x5ac8c0 [0118.546] malloc (_Size=0x8) returned 0x5ace20 [0118.546] memmove_s (in: _Destination=0x5ace20, _DestinationSize=0x8, _Source=0x5a63e0, _SourceSize=0x8 | out: _Destination=0x5ace20) returned 0x0 [0118.546] malloc (_Size=0x18) returned 0x5ac920 [0118.547] malloc (_Size=0x20) returned 0x5acc30 [0118.547] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x379448, _SourceSize=0x14 | out: _Destination=0x5acc30) returned 0x0 [0118.547] lstrlenW (lpString="&") returned 1 [0118.548] lstrlenW (lpString="&") returned 5 [0118.548] lstrlenW (lpString="<") returned 1 [0118.548] lstrlenW (lpString="<") returned 4 [0118.548] lstrlenW (lpString=">") returned 1 [0118.548] lstrlenW (lpString=">") returned 4 [0118.548] lstrlenW (lpString="'") returned 1 [0118.548] lstrlenW (lpString="'") returned 6 [0118.548] lstrlenW (lpString="\"") returned 1 [0118.548] lstrlenW (lpString=""") returned 6 [0118.548] malloc (_Size=0x18) returned 0x5acb00 [0118.548] free (_Block=0x5ac920) [0118.549] free (_Block=0x5acc30) [0118.549] ?Format@CHString@@QEAAXPEBGZZ () returned 0x5add5c [0118.549] malloc (_Size=0x18) returned 0x5ac920 [0118.549] malloc (_Size=0x18) returned 0x5acb20 [0118.549] SysStringLen (param_1="") returned 0xa [0118.549] SysStringLen (param_1="Q9IATRKPRH") returned 0x17 [0118.550] memcpy (in: _Dst=0x390678, _Src=0x3cbab8, _Size=0x16 | out: _Dst=0x390678) returned 0x390678 [0118.550] memcpy (in: _Dst=0x39068c, _Src=0x376628, _Size=0x30 | out: _Dst=0x39068c) returned 0x39068c [0118.550] free (_Block=0x5ac8c0) [0118.550] free (_Block=0x5ac920) [0118.550] malloc (_Size=0x18) returned 0x5ac920 [0118.550] malloc (_Size=0x18) returned 0x5ac8c0 [0118.550] SysStringLen (param_1="Q9IATRKPRH") returned 0x21 [0118.550] SysStringLen (param_1="") returned 0xb [0118.551] memcpy (in: _Dst=0x35e5b8, _Src=0x390678, _Size=0x44 | out: _Dst=0x35e5b8) returned 0x35e5b8 [0118.551] memcpy (in: _Dst=0x35e5fa, _Src=0x379448, _Size=0x18 | out: _Dst=0x35e5fa) returned 0x35e5fa [0118.551] free (_Block=0x5acb20) [0118.551] free (_Block=0x5ac920) [0118.551] free (_Block=0x5acb00) [0118.551] free (_Block=0x5ace20) [0118.551] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.551] malloc (_Size=0x18) returned 0x5acb00 [0118.551] SysStringLen (param_1="") returned 0x17 [0118.551] SysStringLen (param_1="Q9IATRKPRH") returned 0x2c [0118.552] memcpy (in: _Dst=0x390678, _Src=0x3765d8, _Size=0x30 | out: _Dst=0x390678) returned 0x390678 [0118.552] memcpy (in: _Dst=0x3906a6, _Src=0x35e5b8, _Size=0x5a | out: _Dst=0x3906a6) returned 0x3906a6 [0118.552] free (_Block=0x5ac8e0) [0118.552] lstrlenW (lpString="LIST") returned 4 [0118.552] lstrlenW (lpString="get") returned 3 [0118.552] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1 [0118.552] malloc (_Size=0x18) returned 0x5ac8e0 [0118.552] malloc (_Size=0x18) returned 0x5ac920 [0118.552] SysStringLen (param_1="Q9IATRKPRH") returned 0x43 [0118.552] SysStringLen (param_1="") returned 0x18 [0118.553] memcpy (in: _Dst=0x3c4488, _Src=0x390678, _Size=0x88 | out: _Dst=0x3c4488) returned 0x3c4488 [0118.553] memcpy (in: _Dst=0x3c450e, _Src=0x376628, _Size=0x32 | out: _Dst=0x3c450e) returned 0x3c450e [0118.553] free (_Block=0x5acb00) [0118.553] free (_Block=0x5ac8e0) [0118.553] free (_Block=0x5ac8c0) [0118.553] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0118.553] malloc (_Size=0x18) returned 0x5ac8c0 [0118.553] SysStringLen (param_1=" cpu get name") returned 0x31 [0118.553] SysStringLen (param_1="Q9IATRKPRH") returned 0x5b [0118.554] memcpy (in: _Dst=0x3a3b18, _Src=0x38f698, _Size=0x64 | out: _Dst=0x3a3b18) returned 0x3a3b18 [0118.554] memcpy (in: _Dst=0x3a3b7a, _Src=0x3c4488, _Size=0xb8 | out: _Dst=0x3a3b7a) returned 0x3a3b7a [0118.554] free (_Block=0x5acac0) [0118.554] ??0CHString@@QEAA@XZ () returned 0x1af4d0 [0118.554] malloc (_Size=0x18) returned 0x5acac0 [0118.554] malloc (_Size=0x18) returned 0x5ac8e0 [0118.554] malloc (_Size=0x18) returned 0x5acb00 [0118.554] malloc (_Size=0x18) returned 0x5acb20 [0118.555] malloc (_Size=0x18) returned 0x5aca60 [0118.555] malloc (_Size=0x18) returned 0x5ad220 [0118.555] malloc (_Size=0x18) returned 0x5ad240 [0118.555] malloc (_Size=0x18) returned 0x5ad260 [0118.555] memcpy_s (in: _Destination=0x1af3d0, _DestinationSize=0xe, _Source=0x3cbae8, _SourceSize=0xc | out: _Destination=0x1af3d0) returned 0x0 [0118.555] lstrlenW (lpString="&") returned 1 [0118.555] lstrlenW (lpString="&") returned 5 [0118.555] lstrlenW (lpString="<") returned 1 [0118.555] lstrlenW (lpString="<") returned 4 [0118.556] lstrlenW (lpString=">") returned 1 [0118.556] lstrlenW (lpString=">") returned 4 [0118.556] lstrlenW (lpString="'") returned 1 [0118.556] lstrlenW (lpString="'") returned 6 [0118.556] lstrlenW (lpString="\"") returned 1 [0118.556] lstrlenW (lpString=""") returned 6 [0118.556] malloc (_Size=0x18) returned 0x5ad280 [0118.556] free (_Block=0x5ad260) [0118.556] malloc (_Size=0x18) returned 0x5ad260 [0118.556] memcpy_s (in: _Destination=0x1af3d0, _DestinationSize=0xe, _Source=0x3cbae8, _SourceSize=0xc | out: _Destination=0x1af3d0) returned 0x0 [0118.557] lstrlenW (lpString="&") returned 1 [0118.557] lstrlenW (lpString="&") returned 5 [0118.557] lstrlenW (lpString="<") returned 1 [0118.557] lstrlenW (lpString="<") returned 4 [0118.557] lstrlenW (lpString=">") returned 1 [0118.557] lstrlenW (lpString=">") returned 4 [0118.557] lstrlenW (lpString="'") returned 1 [0118.557] lstrlenW (lpString="'") returned 6 [0118.557] lstrlenW (lpString="\"") returned 1 [0118.557] lstrlenW (lpString=""") returned 6 [0118.557] malloc (_Size=0x18) returned 0x5ad2a0 [0118.558] free (_Block=0x5ad260) [0118.558] malloc (_Size=0x18) returned 0x5ad260 [0118.558] memcpy_s (in: _Destination=0x1af3d0, _DestinationSize=0xe, _Source=0x3cbae8, _SourceSize=0x6 | out: _Destination=0x1af3d0) returned 0x0 [0118.558] lstrlenW (lpString="&") returned 1 [0118.558] lstrlenW (lpString="&") returned 5 [0118.558] lstrlenW (lpString="<") returned 1 [0118.558] lstrlenW (lpString="<") returned 4 [0118.558] lstrlenW (lpString=">") returned 1 [0118.558] lstrlenW (lpString=">") returned 4 [0118.558] lstrlenW (lpString="'") returned 1 [0118.558] lstrlenW (lpString="'") returned 6 [0118.559] lstrlenW (lpString="\"") returned 1 [0118.559] lstrlenW (lpString=""") returned 6 [0118.559] malloc (_Size=0x18) returned 0x5ad2c0 [0118.559] free (_Block=0x5ad260) [0118.559] malloc (_Size=0x18) returned 0x5ad260 [0118.559] memcpy_s (in: _Destination=0x1af3d0, _DestinationSize=0xe, _Source=0x3cbae8, _SourceSize=0x6 | out: _Destination=0x1af3d0) returned 0x0 [0118.559] lstrlenW (lpString="&") returned 1 [0118.559] lstrlenW (lpString="&") returned 5 [0118.559] lstrlenW (lpString="<") returned 1 [0118.559] lstrlenW (lpString="<") returned 4 [0118.559] lstrlenW (lpString=">") returned 1 [0118.559] lstrlenW (lpString=">") returned 4 [0118.560] lstrlenW (lpString="'") returned 1 [0118.560] lstrlenW (lpString="'") returned 6 [0118.560] lstrlenW (lpString="\"") returned 1 [0118.560] lstrlenW (lpString=""") returned 6 [0118.560] malloc (_Size=0x18) returned 0x5ad2e0 [0118.560] free (_Block=0x5ad260) [0118.560] malloc (_Size=0x18) returned 0x5ad260 [0118.560] malloc (_Size=0x20) returned 0x5acc30 [0118.560] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x3cbae8, _SourceSize=0x14 | out: _Destination=0x5acc30) returned 0x0 [0118.560] lstrlenW (lpString="&") returned 1 [0118.561] lstrlenW (lpString="&") returned 5 [0118.561] lstrlenW (lpString="<") returned 1 [0118.561] lstrlenW (lpString="<") returned 4 [0118.561] lstrlenW (lpString=">") returned 1 [0118.561] lstrlenW (lpString=">") returned 4 [0118.561] lstrlenW (lpString="'") returned 1 [0118.561] lstrlenW (lpString="'") returned 6 [0118.561] lstrlenW (lpString="\"") returned 1 [0118.561] lstrlenW (lpString=""") returned 6 [0118.561] malloc (_Size=0x18) returned 0x5ad300 [0118.561] free (_Block=0x5ad260) [0118.562] free (_Block=0x5acc30) [0118.562] malloc (_Size=0x18) returned 0x5ad260 [0118.562] malloc (_Size=0x20) returned 0x5acc30 [0118.562] memcpy_s (in: _Destination=0x5acc30, _DestinationSize=0x1e, _Source=0x3cbae8, _SourceSize=0x10 | out: _Destination=0x5acc30) returned 0x0 [0118.562] lstrlenW (lpString="&") returned 1 [0118.563] lstrlenW (lpString="&") returned 5 [0118.563] lstrlenW (lpString="<") returned 1 [0118.563] lstrlenW (lpString="<") returned 4 [0118.563] lstrlenW (lpString=">") returned 1 [0118.563] lstrlenW (lpString=">") returned 4 [0118.563] lstrlenW (lpString="'") returned 1 [0118.563] lstrlenW (lpString="'") returned 6 [0118.563] lstrlenW (lpString="\"") returned 1 [0118.563] lstrlenW (lpString=""") returned 6 [0118.563] malloc (_Size=0x18) returned 0x5ad320 [0118.564] free (_Block=0x5ad260) [0118.564] free (_Block=0x5acc30) [0118.564] malloc (_Size=0x18) returned 0x5ad260 [0118.564] memcpy_s (in: _Destination=0x1af3d0, _DestinationSize=0xe, _Source=0x3cbae8, _SourceSize=0xc | out: _Destination=0x1af3d0) returned 0x0 [0118.565] lstrlenW (lpString="&") returned 1 [0118.565] lstrlenW (lpString="&") returned 5 [0118.565] lstrlenW (lpString="<") returned 1 [0118.565] lstrlenW (lpString="<") returned 4 [0118.565] lstrlenW (lpString=">") returned 1 [0118.565] lstrlenW (lpString=">") returned 4 [0118.565] lstrlenW (lpString="'") returned 1 [0118.565] lstrlenW (lpString="'") returned 6 [0118.565] lstrlenW (lpString="\"") returned 1 [0118.565] lstrlenW (lpString=""") returned 6 [0118.565] malloc (_Size=0x18) returned 0x5ad340 [0118.565] free (_Block=0x5ad260) [0118.566] ?Format@CHString@@QEAAXPEBGZZ () returned 0x1bdfdc [0118.567] malloc (_Size=0x18) returned 0x5ad260 [0118.567] ??1CHString@@QEAA@XZ () returned 0x6501 [0118.567] free (_Block=0x5ad340) [0118.567] free (_Block=0x5ad320) [0118.568] free (_Block=0x5ad300) [0118.568] free (_Block=0x5ad240) [0118.568] free (_Block=0x5ad2e0) [0118.568] free (_Block=0x5ad280) [0118.568] free (_Block=0x5ad2a0) [0118.568] free (_Block=0x5ad220) [0118.568] free (_Block=0x5aca60) [0118.569] free (_Block=0x5ad2c0) [0118.569] free (_Block=0x5acb20) [0118.569] free (_Block=0x5acb00) [0118.569] free (_Block=0x5acac0) [0118.569] free (_Block=0x5ac8e0) [0118.569] malloc (_Size=0x18) returned 0x5ac8e0 [0118.569] SysStringLen (param_1=" cpu get nameQ9IATRKPRH") returned 0x8c [0118.569] SysStringLen (param_1="root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x173 [0118.570] memcpy (in: _Dst=0x3c19e8, _Src=0x3a3b18, _Size=0x11a | out: _Dst=0x3c19e8) returned 0x3c19e8 [0118.570] memcpy (in: _Dst=0x3c1b00, _Src=0x378cf8, _Size=0x2e8 | out: _Dst=0x3c1b00) returned 0x3c1b00 [0118.570] free (_Block=0x5ac8c0) [0118.570] malloc (_Size=0x18) returned 0x5ac8c0 [0118.570] malloc (_Size=0x18) returned 0x5acac0 [0118.570] SysStringLen (param_1=" cpu get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x1ff [0118.570] SysStringLen (param_1="") returned 0xa [0118.570] memcpy (in: _Dst=0x3a4068, _Src=0x3c19e8, _Size=0x400 | out: _Dst=0x3a4068) returned 0x3a4068 [0118.570] memcpy (in: _Dst=0x3a4466, _Src=0x3cbae8, _Size=0x16 | out: _Dst=0x3a4466) returned 0x3a4466 [0118.571] free (_Block=0x5ac8e0) [0118.571] free (_Block=0x5ac8c0) [0118.571] free (_Block=0x5aca80) [0118.571] free (_Block=0x5ac920) [0118.571] free (_Block=0x5ad260) [0118.571] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.571] malloc (_Size=0x18) returned 0x5ac920 [0118.571] SysStringLen (param_1="") returned 0x0 [0118.572] SysStringLen (param_1="") returned 0x60 [0118.572] memcpy (in: _Dst=0x378ff8, _Src=0x320a28, _Size=0x2 | out: _Dst=0x378ff8) returned 0x378ff8 [0118.572] memcpy (in: _Dst=0x378ff8, _Src=0x378628, _Size=0xc2 | out: _Dst=0x378ff8) returned 0x378ff8 [0118.572] free (_Block=0x5ac880) [0118.572] malloc (_Size=0x18) returned 0x5ac880 [0118.572] SysStringLen (param_1="") returned 0x60 [0118.572] SysStringLen (param_1=" cpu get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x209 [0118.572] memcpy (in: _Dst=0x3a4498, _Src=0x378ff8, _Size=0xc2 | out: _Dst=0x3a4498) returned 0x3a4498 [0118.572] memcpy (in: _Dst=0x3a4558, _Src=0x3a4068, _Size=0x414 | out: _Dst=0x3a4558) returned 0x3a4558 [0118.573] free (_Block=0x5ac920) [0118.573] WbemLocator:IUnknown:Release (This=0x386660) returned 0x0 [0118.574] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0118.574] malloc (_Size=0x18) returned 0x5ac920 [0118.574] SysStringLen (param_1="") returned 0x0 [0118.574] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0xc6 [0118.574] memcpy (in: _Dst=0x3c19e8, _Src=0x36f678, _Size=0x2 | out: _Dst=0x3c19e8) returned 0x3c19e8 [0118.574] memcpy (in: _Dst=0x3c19e8, _Src=0x3a36b8, _Size=0x18e | out: _Dst=0x3c19e8) returned 0x3c19e8 [0118.575] free (_Block=0x5ac8a0) [0118.575] _kbhit () returned 0x0 [0118.579] malloc (_Size=0x18) returned 0x5ac8a0 [0118.579] SysStringLen (param_1=" cpu get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x269 [0118.579] SysStringLen (param_1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0xc6 [0118.579] memcpy (in: _Dst=0x3a4988, _Src=0x3a4498, _Size=0x4d4 | out: _Dst=0x3a4988) returned 0x3a4988 [0118.579] memcpy (in: _Dst=0x3a4e5a, _Src=0x3c19e8, _Size=0x18e | out: _Dst=0x3a4e5a) returned 0x3a4e5a [0118.580] free (_Block=0x5ac880) [0118.580] malloc (_Size=0x18) returned 0x5ac880 [0118.580] malloc (_Size=0x18) returned 0x5aca80 [0118.580] SysStringLen (param_1=" cpu get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AONIntel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x32f [0118.580] SysStringLen (param_1="") returned 0xa [0118.580] memcpy (in: _Dst=0x3a5008, _Src=0x3a4988, _Size=0x660 | out: _Dst=0x3a5008) returned 0x3a5008 [0118.580] memcpy (in: _Dst=0x3a5666, _Src=0x3cbae8, _Size=0x16 | out: _Dst=0x3a5666) returned 0x3a5666 [0118.580] free (_Block=0x5ac8a0) [0118.580] free (_Block=0x5ac880) [0118.581] GetCurrentThreadId () returned 0xdf0 [0118.581] ??0CHString@@QEAA@PEBG@Z () returned 0x1af5c8 [0118.581] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x1af5c8 [0118.581] lstrlenW (lpString="LIST") returned 4 [0118.581] lstrlenW (lpString="get") returned 3 [0118.581] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1 [0118.581] lstrlenW (lpString="ASSOC") returned 5 [0118.581] lstrlenW (lpString="get") returned 3 [0118.581] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3 [0118.581] lstrlenW (lpString="GET") returned 3 [0118.581] lstrlenW (lpString="get") returned 3 [0118.582] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0118.582] malloc (_Size=0x20a) returned 0x5ad9f0 [0118.582] GetSystemDirectoryW (in: lpBuffer=0x5ad9f0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0118.583] free (_Block=0x5ad9f0) [0118.583] malloc (_Size=0x18) returned 0x5ac880 [0118.583] malloc (_Size=0x18) returned 0x5ac8a0 [0118.583] malloc (_Size=0x18) returned 0x5ac8c0 [0118.583] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0118.583] SysStringLen (param_1="\\wbem\\") returned 0x6 [0118.583] memcpy (in: _Dst=0x3765d8, _Src=0x376628, _Size=0x28 | out: _Dst=0x3765d8) returned 0x3765d8 [0118.583] memcpy (in: _Dst=0x3765fe, _Src=0x3cbae8, _Size=0xe | out: _Dst=0x3765fe) returned 0x3765fe [0118.583] free (_Block=0x5ac880) [0118.584] free (_Block=0x5ac8a0) [0118.584] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0118.584] free (_Block=0x5ac8c0) [0118.584] malloc (_Size=0x18) returned 0x5ac8c0 [0118.584] malloc (_Size=0x18) returned 0x5ac8a0 [0118.584] malloc (_Size=0x18) returned 0x5ac880 [0118.584] malloc (_Size=0x18) returned 0x5ac8e0 [0118.584] malloc (_Size=0x18) returned 0x5acb00 [0118.585] malloc (_Size=0x18) returned 0x5acb20 [0118.585] lstrlenW (lpString="TABLE") returned 5 [0118.585] lstrlenW (lpString="CSV") returned 3 [0118.585] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="TABLE", cchCount2=5) returned 1 [0118.585] lstrlenW (lpString="TABLE") returned 5 [0118.585] lstrlenW (lpString="HFORM") returned 5 [0118.585] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="TABLE", cchCount2=5) returned 1 [0118.585] lstrlenW (lpString="TABLE") returned 5 [0118.585] lstrlenW (lpString="HTABLE") returned 6 [0118.585] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="TABLE", cchCount2=5) returned 1 [0118.585] lstrlenW (lpString="TABLE") returned 5 [0118.586] lstrlenW (lpString="LIST") returned 4 [0118.586] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="TABLE", cchCount2=5) returned 1 [0118.586] lstrlenW (lpString="TABLE") returned 5 [0118.586] lstrlenW (lpString="MOF") returned 3 [0118.586] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="TABLE", cchCount2=5) returned 1 [0118.586] lstrlenW (lpString="TABLE") returned 5 [0118.586] lstrlenW (lpString="RAWXML") returned 6 [0118.586] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="TABLE", cchCount2=5) returned 1 [0118.586] lstrlenW (lpString="TABLE") returned 5 [0118.586] lstrlenW (lpString="TABLE") returned 5 [0118.586] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="TABLE", cchCount2=5) returned 2 [0118.586] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.586] SysStringLen (param_1="hform.xsl") returned 0x9 [0118.587] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.587] SysStringLen (param_1="htable.xsl") returned 0xa [0118.587] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.587] SysStringLen (param_1="csv.xsl") returned 0x7 [0118.587] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.587] SysStringLen (param_1="mof.xsl") returned 0x7 [0118.587] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.587] SysStringLen (param_1="xml.xsl") returned 0x7 [0118.587] malloc (_Size=0x18) returned 0x5aca60 [0118.587] malloc (_Size=0x18) returned 0x5ad220 [0118.587] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0118.587] SysStringLen (param_1="\\") returned 0x1 [0118.588] memcpy (in: _Dst=0x3765d8, _Src=0x376628, _Size=0x34 | out: _Dst=0x3765d8) returned 0x3765d8 [0118.588] memcpy (in: _Dst=0x37660a, _Src=0x3cbb48, _Size=0x4 | out: _Dst=0x37660a) returned 0x37660a [0118.588] free (_Block=0x5aca60) [0118.588] malloc (_Size=0x18) returned 0x5aca60 [0118.588] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\\\") returned 0x1a [0118.588] SysStringLen (param_1="texttable.xsl") returned 0xd [0118.588] memcpy (in: _Dst=0x390678, _Src=0x3765d8, _Size=0x36 | out: _Dst=0x390678) returned 0x390678 [0118.588] memcpy (in: _Dst=0x3906ac, _Src=0x3066b8, _Size=0x1c | out: _Dst=0x3906ac) returned 0x3906ac [0118.588] free (_Block=0x5ad220) [0118.589] CreateFileW (lpFileName="C:\\Windows\\system32\\wbem\\\\texttable.xsl" (normalized: "c:\\windows\\system32\\wbem\\texttable.xsl"), dwDesiredAccess=0x0, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0118.589] CloseHandle (hObject=0x26c) returned 1 [0118.589] malloc (_Size=0x30) returned 0x5a8640 [0118.589] malloc (_Size=0x30) returned 0x5a8680 [0118.589] ??0CHString@@QEAA@PEBG@Z () returned 0x1af328 [0118.589] ?Right@CHString@@QEBA?AV1@H@Z () returned 0x1af320 [0118.589] ??0CHString@@QEAA@PEBG@Z () returned 0x1af378 [0118.589] _wcsicmp (_String1=".xsl", _String2=".xsl") returned 0 [0118.590] ??1CHString@@QEAA@XZ () returned 0x44006900060001 [0118.590] ??1CHString@@QEAA@XZ () returned 0x1 [0118.590] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0118.590] malloc (_Size=0x30) returned 0x5a86c0 [0118.590] malloc (_Size=0x20) returned 0x5acc30 [0118.590] malloc (_Size=0x30) returned 0x5a8700 [0118.590] free (_Block=0x5a86c0) [0118.591] free (_Block=0x5a8680) [0118.591] free (_Block=0x5a8640) [0118.591] free (_Block=0x5acb20) [0118.591] free (_Block=0x5acb00) [0118.592] free (_Block=0x5ac8e0) [0118.592] free (_Block=0x5ac880) [0118.592] free (_Block=0x5ac8a0) [0118.592] free (_Block=0x5ac8c0) [0118.592] GetCurrentThreadId () returned 0xdf0 [0118.592] ??0CHString@@QEAA@XZ () returned 0x1af3d0 [0118.592] CoCreateInstance (in: rclsid=0xff9f7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff9f73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xffa629e8 | out: ppv=0xffa629e8*=0x1f671d0) returned 0x0 [0118.595] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x1f671d0, bstrXML=" cpu get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AONIntel(R) Core(TM) i5-7500 CPU @ 3.40GHz", isSuccessful=0x1af3b4 | out: isSuccessful=0x1af3b4*=0xffff) returned 0x0 [0118.598] ??0CHString@@QEAA@XZ () returned 0x1af0b0 [0118.598] GetCurrentThreadId () returned 0xdf0 [0118.598] malloc (_Size=0x20) returned 0x5accb0 [0118.598] malloc (_Size=0x30) returned 0x5a8640 [0118.598] CoCreateInstance (in: rclsid=0xff9f7420*(Data1=0x2933bf94, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), pUnkOuter=0x0, dwClsContext=0x15, riid=0xff9f7400*(Data1=0x2933bf93, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1af0c8 | out: ppv=0x1af0c8*=0x1f67620) returned 0x0 [0118.603] CoCreateInstance (in: rclsid=0xff9f7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x15, riid=0xff9f73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1af0e0 | out: ppv=0x1af0e0*=0x1f6b330) returned 0x0 [0118.604] FreeThreadedDOMDocument:IXMLDOMDocument:put_async (This=0x1f6b330, async=0) returned 0x0 [0118.604] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\\\texttable.xsl") returned 0x4e [0118.605] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x1f6b330, xmlSource=0x1af280*(varType=0x8, wReserved1=0x1f6, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\\\texttable.xsl", varVal2=0x0), isSuccessful=0x1af378 | out: isSuccessful=0x1af378*=0xffff) returned 0x0 [0118.650] XSLTemplate:IXSLTemplate:putref_stylesheet (This=0x1f67620, stylesheet=0x1f6b330) returned 0x0 [0118.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1acec0 | out: lpSystemTimeAsFileTime=0x1acec0*(dwLowDateTime=0x95d131e0, dwHighDateTime=0x1da5d2f)) [0118.715] GetCurrentProcessId () returned 0xdec [0118.715] GetCurrentThreadId () returned 0xdf0 [0118.715] GetTickCount () returned 0x14dc5b5 [0118.715] QueryPerformanceCounter (in: lpPerformanceCount=0x1acec8 | out: lpPerformanceCount=0x1acec8*=2201951005578) returned 1 [0118.716] malloc (_Size=0x100) returned 0x5a9ff0 [0118.717] __dllonexit () returned 0x7fef4b5bfc0 [0118.717] __dllonexit () returned 0x7fef4b5bfa8 [0118.718] __dllonexit () returned 0x7fef4b5bfd4 [0118.719] GetUserDefaultLCID () returned 0x409 [0118.719] GetVersion () returned 0x1db10106 [0118.723] ??2@YAPEAX_K@Z () returned 0x5ad9f0 [0118.724] ??2@YAPEAX_K@Z () returned 0x5ada50 [0118.725] GetUserDefaultLCID () returned 0x409 [0118.725] GetACP () returned 0x4e4 [0118.726] ??3@YAXPEAX@Z () returned 0x1434c401 [0118.728] GetCurrentThreadId () returned 0xdf0 [0118.729] ??2@YAPEAX_K@Z () returned 0x5adde0 [0118.729] GetCurrentThreadId () returned 0xdf0 [0118.729] ??2@YAPEAX_K@Z () returned 0x5acce0 [0118.729] ??2@YAPEAX_K@Z () returned 0x5a8680 [0118.729] ??2@YAPEAX_K@Z () returned 0x5adec0 [0118.729] ??2@YAPEAX_K@Z () returned 0x5a86c0 [0118.729] GetCurrentThreadId () returned 0xdf0 [0118.729] ??2@YAPEAX_K@Z () returned 0x5adf90 [0118.730] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0118.731] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x1aebd0, cchData=6 | out: lpLCData="1252") returned 5 [0118.731] IsValidCodePage (CodePage=0x4e4) returned 1 [0118.732] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdf10000 [0118.733] GetProcAddress (hModule=0x7fefdf10000, lpProcName="CoCreateInstance") returned 0x7fefdf37490 [0118.733] CoCreateInstance (in: rclsid=0x7fef4bad5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef4bad5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x5add98 | out: ppv=0x5add98*=0x3890a0) returned 0x0 [0118.733] IUnknown:AddRef (This=0x3890a0) returned 0x2 [0118.734] GetCurrentProcessId () returned 0xdec [0118.734] GetCurrentThreadId () returned 0xdf0 [0118.734] GetTickCount () returned 0x14dc5c4 [0118.734] ISystemDebugEventFire:BeginSession (This=0x3890a0, guidSourceID=0x7fef4bad5d8, strSessionName="VBScript:00003564:00003568:21874116") returned 0x0 [0118.734] DllRegisterServer () returned 0x0 [0118.736] GetCurrentThreadId () returned 0xdf0 [0118.736] realloc (_Block=0x0, _Size=0xc8) returned 0x5ae020 [0118.736] memcpy (in: _Dst=0x5ae020, _Src=0x7fef4bc0800, _Size=0x10 | out: _Dst=0x5ae020) returned 0x5ae020 [0118.736] memcpy (in: _Dst=0x5ae030, _Src=0x7fef4baf2c8, _Size=0x6 | out: _Dst=0x5ae030) returned 0x5ae030 [0118.736] memcpy (in: _Dst=0x5ae036, _Src=0x7fef4baf2d0, _Size=0x18 | out: _Dst=0x5ae036) returned 0x5ae036 [0118.736] ??2@YAPEAX_K@Z () returned 0x5a8740 [0118.737] malloc (_Size=0x1008) returned 0x5ae0f0 [0118.737] ??2@YAPEAX_K@Z () returned 0x5af100 [0118.737] malloc (_Size=0x400) returned 0x5af290 [0118.737] malloc (_Size=0x108) returned 0x5aa100 [0118.738] malloc (_Size=0x2008) returned 0x1bdfd0 [0118.738] memcpy (in: _Dst=0x1be004, _Src=0x1f76cd2, _Size=0xc | out: _Dst=0x1be004) returned 0x1be004 [0118.738] memcpy (in: _Dst=0x1be044, _Src=0x1f76ce0, _Size=0x10 | out: _Dst=0x1be044) returned 0x1be044 [0118.738] memcpy (in: _Dst=0x1be08c, _Src=0x1f76df0, _Size=0x6 | out: _Dst=0x1be08c) returned 0x1be08c [0118.738] memcpy (in: _Dst=0x1be0c4, _Src=0x1f76df8, _Size=0xa | out: _Dst=0x1be0c4) returned 0x1be0c4 [0118.739] memcpy (in: _Dst=0x1be104, _Src=0x1f76e0c, _Size=0x10 | out: _Dst=0x1be104) returned 0x1be104 [0118.739] memcpy (in: _Dst=0x1be14c, _Src=0x1f76e30, _Size=0xc | out: _Dst=0x1be14c) returned 0x1be14c [0118.739] malloc (_Size=0x208) returned 0x5af6a0 [0118.739] memcpy (in: _Dst=0x1be18c, _Src=0x1f76e50, _Size=0x4 | out: _Dst=0x1be18c) returned 0x1be18c [0118.740] memcpy (in: _Dst=0x1be1c4, _Src=0x1f76e68, _Size=0xa | out: _Dst=0x1be1c4) returned 0x1be1c4 [0118.740] memcpy (in: _Dst=0x1be204, _Src=0x1f76e7c, _Size=0x10 | out: _Dst=0x1be204) returned 0x1be204 [0118.740] memcpy (in: _Dst=0x1be24c, _Src=0x1f76e96, _Size=0x12 | out: _Dst=0x1be24c) returned 0x1be24c [0118.740] malloc (_Size=0x408) returned 0x5af8b0 [0118.740] memcpy (in: _Dst=0x1be294, _Src=0x1f76ec8, _Size=0x8 | out: _Dst=0x1be294) returned 0x1be294 [0118.741] memcpy (in: _Dst=0x1be2d4, _Src=0x1f76ef0, _Size=0x18 | out: _Dst=0x1be2d4) returned 0x1be2d4 [0118.741] memcpy (in: _Dst=0x1be324, _Src=0x1f76f0a, _Size=0x10 | out: _Dst=0x1be324) returned 0x1be324 [0118.741] memcpy (in: _Dst=0x1be36c, _Src=0x1f76f1c, _Size=0x18 | out: _Dst=0x1be36c) returned 0x1be36c [0118.741] memcpy (in: _Dst=0x1be3bc, _Src=0x1f76f36, _Size=0x2 | out: _Dst=0x1be3bc) returned 0x1be3bc [0118.741] memcpy (in: _Dst=0x1be3f4, _Src=0x1f76f84, _Size=0x6 | out: _Dst=0x1be3f4) returned 0x1be3f4 [0118.741] malloc (_Size=0x808) returned 0x1bffe0 [0118.742] memcpy (in: _Dst=0x1be42c, _Src=0x1f76fb0, _Size=0xa | out: _Dst=0x1be42c) returned 0x1be42c [0118.742] memcpy (in: _Dst=0x1be46c, _Src=0x1f76fbc, _Size=0x8 | out: _Dst=0x1be46c) returned 0x1be46c [0118.742] memcpy (in: _Dst=0x1be4ac, _Src=0x1f76fd8, _Size=0x2 | out: _Dst=0x1be4ac) returned 0x1be4ac [0118.742] memcpy (in: _Dst=0x1be4e4, _Src=0x1f76fec, _Size=0x8 | out: _Dst=0x1be4e4) returned 0x1be4e4 [0118.743] memcpy (in: _Dst=0x1be524, _Src=0x5af16c, _Size=0x20 | out: _Dst=0x1be524) returned 0x1be524 [0118.743] memcpy (in: _Dst=0x1be57c, _Src=0x1f7705c, _Size=0xa | out: _Dst=0x1be57c) returned 0x1be57c [0118.743] memcpy (in: _Dst=0x1be5bc, _Src=0x1f77072, _Size=0x6 | out: _Dst=0x1be5bc) returned 0x1be5bc [0118.743] memcpy (in: _Dst=0x1be5f4, _Src=0x1f770b8, _Size=0x8 | out: _Dst=0x1be5f4) returned 0x1be5f4 [0118.744] memcpy (in: _Dst=0x1be634, _Src=0x1f770da, _Size=0x8 | out: _Dst=0x1be634) returned 0x1be634 [0118.744] memcpy (in: _Dst=0x1be674, _Src=0x1f77122, _Size=0x16 | out: _Dst=0x1be674) returned 0x1be674 [0118.744] malloc (_Size=0x1008) returned 0x1c07f0 [0118.745] memcpy (in: _Dst=0x1be6bc, _Src=0x1f771d8, _Size=0x12 | out: _Dst=0x1be6bc) returned 0x1be6bc [0118.745] memcpy (in: _Dst=0x1be704, _Src=0x1f77202, _Size=0xa | out: _Dst=0x1be704) returned 0x1be704 [0118.745] memcpy (in: _Dst=0x1be744, _Src=0x1f77210, _Size=0x8 | out: _Dst=0x1be744) returned 0x1be744 [0118.745] memcpy (in: _Dst=0x1be784, _Src=0x1f77222, _Size=0xe | out: _Dst=0x1be784) returned 0x1be784 [0118.745] memcpy (in: _Dst=0x1be7c4, _Src=0x1f7723a, _Size=0x4 | out: _Dst=0x1be7c4) returned 0x1be7c4 [0118.746] memcpy (in: _Dst=0x1be7fc, _Src=0x1f77252, _Size=0x8 | out: _Dst=0x1be7fc) returned 0x1be7fc [0118.746] memcpy (in: _Dst=0x1be83c, _Src=0x1f772f8, _Size=0x4 | out: _Dst=0x1be83c) returned 0x1be83c [0118.746] memcpy (in: _Dst=0x1be874, _Src=0x1f772fe, _Size=0x14 | out: _Dst=0x1be874) returned 0x1be874 [0118.746] memcpy (in: _Dst=0x1be8bc, _Src=0x1f77314, _Size=0x18 | out: _Dst=0x1be8bc) returned 0x1be8bc [0118.747] memcpy (in: _Dst=0x1be90c, _Src=0x5af16c, _Size=0x8 | out: _Dst=0x1be90c) returned 0x1be90c [0118.747] memcpy (in: _Dst=0x1be94c, _Src=0x1f7733e, _Size=0xa | out: _Dst=0x1be94c) returned 0x1be94c [0118.747] memcpy (in: _Dst=0x1be98c, _Src=0x1f77352, _Size=0x8 | out: _Dst=0x1be98c) returned 0x1be98c [0118.748] memcpy (in: _Dst=0x1be9cc, _Src=0x1f774c2, _Size=0xe | out: _Dst=0x1be9cc) returned 0x1be9cc [0118.748] memcpy (in: _Dst=0x1bea0c, _Src=0x1f774d8, _Size=0x10 | out: _Dst=0x1bea0c) returned 0x1bea0c [0118.748] memcpy (in: _Dst=0x1bea54, _Src=0x5af16c, _Size=0x1c | out: _Dst=0x1bea54) returned 0x1bea54 [0118.749] memcpy (in: _Dst=0x1beaa4, _Src=0x1f77534, _Size=0x1a | out: _Dst=0x1beaa4) returned 0x1beaa4 [0118.749] memcpy (in: _Dst=0x1beaf4, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1beaf4) returned 0x1beaf4 [0118.749] memcpy (in: _Dst=0x1beb2c, _Src=0x1f775b2, _Size=0x14 | out: _Dst=0x1beb2c) returned 0x1beb2c [0118.749] memcpy (in: _Dst=0x1beb74, _Src=0x1f775c8, _Size=0x14 | out: _Dst=0x1beb74) returned 0x1beb74 [0118.749] memcpy (in: _Dst=0x1bebbc, _Src=0x1f775de, _Size=0xc | out: _Dst=0x1bebbc) returned 0x1bebbc [0118.752] memcpy (in: _Dst=0x1bebfc, _Src=0x5af16c, _Size=0x8 | out: _Dst=0x1bebfc) returned 0x1bebfc [0118.752] memcpy (in: _Dst=0x1bec3c, _Src=0x1f7765a, _Size=0x12 | out: _Dst=0x1bec3c) returned 0x1bec3c [0118.752] memcpy (in: _Dst=0x1bec84, _Src=0x1f77672, _Size=0x6 | out: _Dst=0x1bec84) returned 0x1bec84 [0118.752] memcpy (in: _Dst=0x1becbc, _Src=0x1f7767a, _Size=0x8 | out: _Dst=0x1becbc) returned 0x1becbc [0118.752] memcpy (in: _Dst=0x1becfc, _Src=0x1f77690, _Size=0x4 | out: _Dst=0x1becfc) returned 0x1becfc [0118.753] memcpy (in: _Dst=0x1bed34, _Src=0x5af16c, _Size=0xc | out: _Dst=0x1bed34) returned 0x1bed34 [0118.753] memcpy (in: _Dst=0x1bed74, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bed74) returned 0x1bed74 [0118.753] malloc (_Size=0x2008) returned 0x1c1800 [0118.754] memcpy (in: _Dst=0x1bedac, _Src=0x1f777a0, _Size=0x1c | out: _Dst=0x1bedac) returned 0x1bedac [0118.754] memcpy (in: _Dst=0x1bedfc, _Src=0x1f777d8, _Size=0xc | out: _Dst=0x1bedfc) returned 0x1bedfc [0118.754] memcpy (in: _Dst=0x1bee3c, _Src=0x5af16c, _Size=0xc | out: _Dst=0x1bee3c) returned 0x1bee3c [0118.755] memcpy (in: _Dst=0x1bee7c, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bee7c) returned 0x1bee7c [0118.757] memcpy (in: _Dst=0x1beeb4, _Src=0x5af16c, _Size=0x4 | out: _Dst=0x1beeb4) returned 0x1beeb4 [0118.757] memcpy (in: _Dst=0x1beeec, _Src=0x1f77aa0, _Size=0x8 | out: _Dst=0x1beeec) returned 0x1beeec [0118.758] memcpy (in: _Dst=0x1bef2c, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bef2c) returned 0x1bef2c [0118.758] memcpy (in: _Dst=0x1bef64, _Src=0x5af16c, _Size=0x24 | out: _Dst=0x1bef64) returned 0x1bef64 [0118.758] memcpy (in: _Dst=0x1befbc, _Src=0x1f77bb4, _Size=0xc | out: _Dst=0x1befbc) returned 0x1befbc [0118.758] memcpy (in: _Dst=0x1beffc, _Src=0x1f77bc4, _Size=0x8 | out: _Dst=0x1beffc) returned 0x1beffc [0118.758] memcpy (in: _Dst=0x1bf03c, _Src=0x1f77bd0, _Size=0x10 | out: _Dst=0x1bf03c) returned 0x1bf03c [0118.759] memcpy (in: _Dst=0x1bf084, _Src=0x1f77be4, _Size=0x1c | out: _Dst=0x1bf084) returned 0x1bf084 [0118.759] memcpy (in: _Dst=0x1bf0d4, _Src=0x1f77c04, _Size=0x1a | out: _Dst=0x1bf0d4) returned 0x1bf0d4 [0118.759] memcpy (in: _Dst=0x1bf124, _Src=0x1f77c22, _Size=0x16 | out: _Dst=0x1bf124) returned 0x1bf124 [0118.759] memcpy (in: _Dst=0x1bf16c, _Src=0x1f77c3c, _Size=0x14 | out: _Dst=0x1bf16c) returned 0x1bf16c [0118.759] memcpy (in: _Dst=0x1bf1b4, _Src=0x1f77c80, _Size=0x16 | out: _Dst=0x1bf1b4) returned 0x1bf1b4 [0118.759] memcpy (in: _Dst=0x1bf1fc, _Src=0x5af16c, _Size=0x1e | out: _Dst=0x1bf1fc) returned 0x1bf1fc [0118.759] memcpy (in: _Dst=0x1bf24c, _Src=0x5af16c, _Size=0x20 | out: _Dst=0x1bf24c) returned 0x1bf24c [0118.760] memcpy (in: _Dst=0x1bf2a4, _Src=0x1f77d38, _Size=0x6 | out: _Dst=0x1bf2a4) returned 0x1bf2a4 [0118.760] memcpy (in: _Dst=0x1bf2dc, _Src=0x1f77d60, _Size=0x20 | out: _Dst=0x1bf2dc) returned 0x1bf2dc [0118.760] memcpy (in: _Dst=0x1bf334, _Src=0x5af16c, _Size=0x8 | out: _Dst=0x1bf334) returned 0x1bf334 [0118.760] memcpy (in: _Dst=0x1bf374, _Src=0x1f77d9e, _Size=0x6 | out: _Dst=0x1bf374) returned 0x1bf374 [0118.760] memcpy (in: _Dst=0x1bf3ac, _Src=0x1f77db8, _Size=0x4 | out: _Dst=0x1bf3ac) returned 0x1bf3ac [0118.760] memcpy (in: _Dst=0x1bf3e4, _Src=0x1f77dbe, _Size=0xe | out: _Dst=0x1bf3e4) returned 0x1bf3e4 [0118.761] memcpy (in: _Dst=0x1bf424, _Src=0x5af16c, _Size=0x4 | out: _Dst=0x1bf424) returned 0x1bf424 [0118.761] memcpy (in: _Dst=0x1bf45c, _Src=0x1f77e32, _Size=0x8 | out: _Dst=0x1bf45c) returned 0x1bf45c [0118.761] memcpy (in: _Dst=0x1bf49c, _Src=0x5af16c, _Size=0x24 | out: _Dst=0x1bf49c) returned 0x1bf49c [0118.762] memcpy (in: _Dst=0x1bf4f4, _Src=0x5af16c, _Size=0x12 | out: _Dst=0x1bf4f4) returned 0x1bf4f4 [0118.763] memcpy (in: _Dst=0x1bf53c, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bf53c) returned 0x1bf53c [0118.763] memcpy (in: _Dst=0x1bf574, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bf574) returned 0x1bf574 [0118.764] memcpy (in: _Dst=0x1bf5ac, _Src=0x5af16c, _Size=0x1e | out: _Dst=0x1bf5ac) returned 0x1bf5ac [0118.764] memcpy (in: _Dst=0x1bf5fc, _Src=0x5af16c, _Size=0x12 | out: _Dst=0x1bf5fc) returned 0x1bf5fc [0118.764] malloc (_Size=0x4008) returned 0x1c3810 [0118.765] memcpy (in: _Dst=0x1bf644, _Src=0x5af16c, _Size=0x14 | out: _Dst=0x1bf644) returned 0x1bf644 [0118.767] memcpy (in: _Dst=0x1bf68c, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bf68c) returned 0x1bf68c [0118.767] memcpy (in: _Dst=0x1bf6c4, _Src=0x5af16c, _Size=0x4 | out: _Dst=0x1bf6c4) returned 0x1bf6c4 [0118.768] memcpy (in: _Dst=0x1bf6fc, _Src=0x5af16c, _Size=0x10 | out: _Dst=0x1bf6fc) returned 0x1bf6fc [0118.768] memcpy (in: _Dst=0x1bf744, _Src=0x5af16c, _Size=0x2 | out: _Dst=0x1bf744) returned 0x1bf744 [0118.768] memcpy (in: _Dst=0x1bf77c, _Src=0x1f786b6, _Size=0xe | out: _Dst=0x1bf77c) returned 0x1bf77c [0118.768] memcpy (in: _Dst=0x1bf7bc, _Src=0x1f786fc, _Size=0x8 | out: _Dst=0x1bf7bc) returned 0x1bf7bc [0118.768] memcpy (in: _Dst=0x1bf7fc, _Src=0x5af16c, _Size=0x0 | out: _Dst=0x1bf7fc) returned 0x1bf7fc [0118.768] memcpy (in: _Dst=0x1bf834, _Src=0x1f78712, _Size=0x8 | out: _Dst=0x1bf834) returned 0x1bf834 [0118.768] memcpy (in: _Dst=0x1bf874, _Src=0x1f78794, _Size=0x1a | out: _Dst=0x1bf874) returned 0x1bf874 [0118.769] memcpy (in: _Dst=0x1bf8c4, _Src=0x1f787c6, _Size=0x4 | out: _Dst=0x1bf8c4) returned 0x1bf8c4 [0118.769] memcpy (in: _Dst=0x1bf8fc, _Src=0x1f787dc, _Size=0x4 | out: _Dst=0x1bf8fc) returned 0x1bf8fc [0118.769] memcpy (in: _Dst=0x1bf934, _Src=0x1f78806, _Size=0x2 | out: _Dst=0x1bf934) returned 0x1bf934 [0118.769] memcpy (in: _Dst=0x1bf96c, _Src=0x1f7881a, _Size=0x2 | out: _Dst=0x1bf96c) returned 0x1bf96c [0118.769] memcpy (in: _Dst=0x1bf9a4, _Src=0x1f78974, _Size=0x12 | out: _Dst=0x1bf9a4) returned 0x1bf9a4 [0118.770] memcpy (in: _Dst=0x1bf9ec, _Src=0x5af16c, _Size=0x4 | out: _Dst=0x1bf9ec) returned 0x1bf9ec [0118.770] memcpy (in: _Dst=0x1bfa24, _Src=0x1f790a2, _Size=0xc | out: _Dst=0x1bfa24) returned 0x1bfa24 [0118.770] memcpy (in: _Dst=0x1bfa64, _Src=0x1f79170, _Size=0x6 | out: _Dst=0x1bfa64) returned 0x1bfa64 [0118.770] memcpy (in: _Dst=0x1bfa9c, _Src=0x1f7918a, _Size=0x4 | out: _Dst=0x1bfa9c) returned 0x1bfa9c [0118.770] memcpy (in: _Dst=0x1bfad4, _Src=0x1f7920e, _Size=0x4 | out: _Dst=0x1bfad4) returned 0x1bfad4 [0118.771] memcpy (in: _Dst=0x1bfb0c, _Src=0x1f79234, _Size=0x8 | out: _Dst=0x1bfb0c) returned 0x1bfb0c [0118.771] memcpy (in: _Dst=0x1bfb4c, _Src=0x1f7923e, _Size=0x6 | out: _Dst=0x1bfb4c) returned 0x1bfb4c [0118.771] memcpy (in: _Dst=0x1bfb84, _Src=0x1f7927a, _Size=0x4 | out: _Dst=0x1bfb84) returned 0x1bfb84 [0118.771] ??3@YAXPEAX@Z () returned 0x1434c401 [0118.771] malloc (_Size=0x320) returned 0x1c7820 [0118.772] malloc (_Size=0x4008) returned 0x1c7b50 [0118.773] realloc (_Block=0x1c7820, _Size=0x4b0) returned 0x1cbb60 [0118.777] malloc (_Size=0x4008) returned 0x1cc020 [0118.777] memcpy (in: _Dst=0x1cc020, _Src=0x1ae660, _Size=0x30 | out: _Dst=0x1cc020) returned 0x1cc020 [0118.777] memcpy (in: _Dst=0x1cc058, _Src=0x1be36c, _Size=0x1a | out: _Dst=0x1cc058) returned 0x1cc058 [0118.777] memcpy (in: _Dst=0x1cc07c, _Src=0x1be42c, _Size=0xc | out: _Dst=0x1cc07c) returned 0x1cc07c [0118.777] memcpy (in: _Dst=0x1cc090, _Src=0x1be674, _Size=0x18 | out: _Dst=0x1cc090) returned 0x1cc090 [0118.777] memcpy (in: _Dst=0x1cc0b0, _Src=0x1be6bc, _Size=0x14 | out: _Dst=0x1cc0b0) returned 0x1cc0b0 [0118.777] memcpy (in: _Dst=0x1cc0cc, _Src=0x1bf874, _Size=0x1c | out: _Dst=0x1cc0cc) returned 0x1cc0cc [0118.777] memcpy (in: _Dst=0x1cc0f0, _Src=0x1bf9a4, _Size=0x14 | out: _Dst=0x1cc0f0) returned 0x1cc0f0 [0118.777] memcpy (in: _Dst=0x1cc10c, _Src=0x1be0c4, _Size=0xc | out: _Dst=0x1cc10c) returned 0x1cc10c [0118.777] memcpy (in: _Dst=0x1cc120, _Src=0x1be104, _Size=0x12 | out: _Dst=0x1cc120) returned 0x1cc120 [0118.777] memcpy (in: _Dst=0x1cc13c, _Src=0x1be14c, _Size=0xe | out: _Dst=0x1cc13c) returned 0x1cc13c [0118.777] memcpy (in: _Dst=0x1cc154, _Src=0x1be18c, _Size=0x6 | out: _Dst=0x1cc154) returned 0x1cc154 [0118.778] memcpy (in: _Dst=0x1cc164, _Src=0x1be1c4, _Size=0xc | out: _Dst=0x1cc164) returned 0x1cc164 [0118.778] memcpy (in: _Dst=0x1cc178, _Src=0x1be204, _Size=0x12 | out: _Dst=0x1cc178) returned 0x1cc178 [0118.778] memcpy (in: _Dst=0x1cc194, _Src=0x1be24c, _Size=0x14 | out: _Dst=0x1cc194) returned 0x1cc194 [0118.778] memcpy (in: _Dst=0x1cc1b0, _Src=0x1be294, _Size=0xa | out: _Dst=0x1cc1b0) returned 0x1cc1b0 [0118.778] memcpy (in: _Dst=0x1cc1c4, _Src=0x1be2d4, _Size=0x1a | out: _Dst=0x1cc1c4) returned 0x1cc1c4 [0118.778] memcpy (in: _Dst=0x1cc1e8, _Src=0x1be3bc, _Size=0x4 | out: _Dst=0x1cc1e8) returned 0x1cc1e8 [0118.778] memcpy (in: _Dst=0x1cc1f4, _Src=0x1be46c, _Size=0xa | out: _Dst=0x1cc1f4) returned 0x1cc1f4 [0118.778] memcpy (in: _Dst=0x1cc208, _Src=0x1be4ac, _Size=0x4 | out: _Dst=0x1cc208) returned 0x1cc208 [0118.778] memcpy (in: _Dst=0x1cc214, _Src=0x1be4e4, _Size=0xa | out: _Dst=0x1cc214) returned 0x1cc214 [0118.778] memcpy (in: _Dst=0x1cc228, _Src=0x1be524, _Size=0x22 | out: _Dst=0x1cc228) returned 0x1cc228 [0118.778] memcpy (in: _Dst=0x1cc254, _Src=0x1be5bc, _Size=0x8 | out: _Dst=0x1cc254) returned 0x1cc254 [0118.778] memcpy (in: _Dst=0x1cc264, _Src=0x1be634, _Size=0xa | out: _Dst=0x1cc264) returned 0x1cc264 [0118.778] memcpy (in: _Dst=0x1cc278, _Src=0x1be704, _Size=0xc | out: _Dst=0x1cc278) returned 0x1cc278 [0118.779] memcpy (in: _Dst=0x1cc28c, _Src=0x1be744, _Size=0xa | out: _Dst=0x1cc28c) returned 0x1cc28c [0118.779] memcpy (in: _Dst=0x1cc2a0, _Src=0x1be784, _Size=0x10 | out: _Dst=0x1cc2a0) returned 0x1cc2a0 [0118.779] memcpy (in: _Dst=0x1cc2b8, _Src=0x1befbc, _Size=0xe | out: _Dst=0x1cc2b8) returned 0x1cc2b8 [0118.779] memcpy (in: _Dst=0x1cc2d0, _Src=0x1beffc, _Size=0xa | out: _Dst=0x1cc2d0) returned 0x1cc2d0 [0118.779] memcpy (in: _Dst=0x1cc2e4, _Src=0x1bf03c, _Size=0x12 | out: _Dst=0x1cc2e4) returned 0x1cc2e4 [0118.779] memcpy (in: _Dst=0x1cc300, _Src=0x1bf084, _Size=0x1e | out: _Dst=0x1cc300) returned 0x1cc300 [0118.779] memcpy (in: _Dst=0x1cc328, _Src=0x1bf0d4, _Size=0x1c | out: _Dst=0x1cc328) returned 0x1cc328 [0118.779] memcpy (in: _Dst=0x1cc34c, _Src=0x1bf124, _Size=0x18 | out: _Dst=0x1cc34c) returned 0x1cc34c [0118.779] memcpy (in: _Dst=0x1cc36c, _Src=0x1bf16c, _Size=0x16 | out: _Dst=0x1cc36c) returned 0x1cc36c [0118.779] memcpy (in: _Dst=0x1cc38c, _Src=0x1be874, _Size=0x16 | out: _Dst=0x1cc38c) returned 0x1cc38c [0118.779] memcpy (in: _Dst=0x1cc3ac, _Src=0x1be90c, _Size=0xa | out: _Dst=0x1cc3ac) returned 0x1cc3ac [0118.779] memcpy (in: _Dst=0x1cc3c0, _Src=0x1be8bc, _Size=0x1a | out: _Dst=0x1cc3c0) returned 0x1cc3c0 [0118.779] memcpy (in: _Dst=0x1cc3e4, _Src=0x1be94c, _Size=0xc | out: _Dst=0x1cc3e4) returned 0x1cc3e4 [0118.779] memcpy (in: _Dst=0x1cc3f8, _Src=0x1bea0c, _Size=0x12 | out: _Dst=0x1cc3f8) returned 0x1cc3f8 [0118.780] memcpy (in: _Dst=0x1cc414, _Src=0x1bea54, _Size=0x1e | out: _Dst=0x1cc414) returned 0x1cc414 [0118.780] memcpy (in: _Dst=0x1cc43c, _Src=0x1be9cc, _Size=0x10 | out: _Dst=0x1cc43c) returned 0x1cc43c [0118.780] memcpy (in: _Dst=0x1cc454, _Src=0x1beaa4, _Size=0x1c | out: _Dst=0x1cc454) returned 0x1cc454 [0118.780] memcpy (in: _Dst=0x1cc478, _Src=0x1beaf4, _Size=0x4 | out: _Dst=0x1cc478) returned 0x1cc478 [0118.780] memcpy (in: _Dst=0x1cc484, _Src=0x1beb2c, _Size=0x16 | out: _Dst=0x1cc484) returned 0x1cc484 [0118.780] memcpy (in: _Dst=0x1cc4a4, _Src=0x1beb74, _Size=0x16 | out: _Dst=0x1cc4a4) returned 0x1cc4a4 [0118.780] memcpy (in: _Dst=0x1cc4c4, _Src=0x1bebbc, _Size=0xe | out: _Dst=0x1cc4c4) returned 0x1cc4c4 [0118.780] memcpy (in: _Dst=0x1cc4dc, _Src=0x1bebfc, _Size=0xa | out: _Dst=0x1cc4dc) returned 0x1cc4dc [0118.780] memcpy (in: _Dst=0x1cc4f0, _Src=0x1bec3c, _Size=0x14 | out: _Dst=0x1cc4f0) returned 0x1cc4f0 [0118.780] memcpy (in: _Dst=0x1cc50c, _Src=0x1bed34, _Size=0xe | out: _Dst=0x1cc50c) returned 0x1cc50c [0118.780] memcpy (in: _Dst=0x1cc524, _Src=0x1bed74, _Size=0x4 | out: _Dst=0x1cc524) returned 0x1cc524 [0118.780] memcpy (in: _Dst=0x1cc530, _Src=0x1bedac, _Size=0x1e | out: _Dst=0x1cc530) returned 0x1cc530 [0118.780] memcpy (in: _Dst=0x1cc558, _Src=0x1bee3c, _Size=0xe | out: _Dst=0x1cc558) returned 0x1cc558 [0118.780] memcpy (in: _Dst=0x1cc570, _Src=0x1bee7c, _Size=0x4 | out: _Dst=0x1cc570) returned 0x1cc570 [0118.780] memcpy (in: _Dst=0x1cc57c, _Src=0x1beeb4, _Size=0x6 | out: _Dst=0x1cc57c) returned 0x1cc57c [0118.781] memcpy (in: _Dst=0x1cc58c, _Src=0x1bef2c, _Size=0x4 | out: _Dst=0x1cc58c) returned 0x1cc58c [0118.781] memcpy (in: _Dst=0x1cc598, _Src=0x1bef64, _Size=0x26 | out: _Dst=0x1cc598) returned 0x1cc598 [0118.781] memcpy (in: _Dst=0x1cc5c8, _Src=0x1bf1fc, _Size=0x20 | out: _Dst=0x1cc5c8) returned 0x1cc5c8 [0118.781] memcpy (in: _Dst=0x1cc5f0, _Src=0x1bf1b4, _Size=0x18 | out: _Dst=0x1cc5f0) returned 0x1cc5f0 [0118.781] memcpy (in: _Dst=0x1cc610, _Src=0x1bf24c, _Size=0x22 | out: _Dst=0x1cc610) returned 0x1cc610 [0118.781] memcpy (in: _Dst=0x1cc63c, _Src=0x1bf334, _Size=0xa | out: _Dst=0x1cc63c) returned 0x1cc63c [0118.781] memcpy (in: _Dst=0x1cc650, _Src=0x1bf2dc, _Size=0x22 | out: _Dst=0x1cc650) returned 0x1cc650 [0118.781] memcpy (in: _Dst=0x1cc67c, _Src=0x1bf424, _Size=0x6 | out: _Dst=0x1cc67c) returned 0x1cc67c [0118.781] memcpy (in: _Dst=0x1cc68c, _Src=0x1bf45c, _Size=0xa | out: _Dst=0x1cc68c) returned 0x1cc68c [0118.781] memcpy (in: _Dst=0x1cc6a0, _Src=0x1bf49c, _Size=0x26 | out: _Dst=0x1cc6a0) returned 0x1cc6a0 [0118.782] memcpy (in: _Dst=0x1cc6d0, _Src=0x1bf4f4, _Size=0x14 | out: _Dst=0x1cc6d0) returned 0x1cc6d0 [0118.782] memcpy (in: _Dst=0x1cc6ec, _Src=0x1bf53c, _Size=0x4 | out: _Dst=0x1cc6ec) returned 0x1cc6ec [0118.782] memcpy (in: _Dst=0x1cc6f8, _Src=0x1bf574, _Size=0x4 | out: _Dst=0x1cc6f8) returned 0x1cc6f8 [0118.782] memcpy (in: _Dst=0x1cc704, _Src=0x1bf5ac, _Size=0x20 | out: _Dst=0x1cc704) returned 0x1cc704 [0118.782] memcpy (in: _Dst=0x1cc72c, _Src=0x1bf5fc, _Size=0x14 | out: _Dst=0x1cc72c) returned 0x1cc72c [0118.782] memcpy (in: _Dst=0x1cc748, _Src=0x1bf644, _Size=0x16 | out: _Dst=0x1cc748) returned 0x1cc748 [0118.782] memcpy (in: _Dst=0x1cc768, _Src=0x1bf68c, _Size=0x4 | out: _Dst=0x1cc768) returned 0x1cc768 [0118.782] memcpy (in: _Dst=0x1cc774, _Src=0x1bf6c4, _Size=0x6 | out: _Dst=0x1cc774) returned 0x1cc774 [0118.782] memcpy (in: _Dst=0x1cc784, _Src=0x1bf6fc, _Size=0x12 | out: _Dst=0x1cc784) returned 0x1cc784 [0118.782] memcpy (in: _Dst=0x1cc7a0, _Src=0x1bf744, _Size=0x4 | out: _Dst=0x1cc7a0) returned 0x1cc7a0 [0118.782] memcpy (in: _Dst=0x1cc7ac, _Src=0x1bf7bc, _Size=0xa | out: _Dst=0x1cc7ac) returned 0x1cc7ac [0118.782] memcpy (in: _Dst=0x1cc7c0, _Src=0x1bf7fc, _Size=0x2 | out: _Dst=0x1cc7c0) returned 0x1cc7c0 [0118.782] memcpy (in: _Dst=0x1cc7cc, _Src=0x1bf77c, _Size=0x10 | out: _Dst=0x1cc7cc) returned 0x1cc7cc [0118.782] memcpy (in: _Dst=0x1cc7e4, _Src=0x1bf834, _Size=0xa | out: _Dst=0x1cc7e4) returned 0x1cc7e4 [0118.783] memcpy (in: _Dst=0x1cc7f8, _Src=0x1bf8c4, _Size=0x6 | out: _Dst=0x1cc7f8) returned 0x1cc7f8 [0118.783] memcpy (in: _Dst=0x1cc808, _Src=0x1bf8fc, _Size=0x6 | out: _Dst=0x1cc808) returned 0x1cc808 [0118.783] memcpy (in: _Dst=0x1cc818, _Src=0x1bf934, _Size=0x4 | out: _Dst=0x1cc818) returned 0x1cc818 [0118.783] memcpy (in: _Dst=0x1cc824, _Src=0x1bf96c, _Size=0x4 | out: _Dst=0x1cc824) returned 0x1cc824 [0118.783] memcpy (in: _Dst=0x1cc830, _Src=0x1bf9ec, _Size=0x6 | out: _Dst=0x1cc830) returned 0x1cc830 [0118.783] memcpy (in: _Dst=0x1cc840, _Src=0x1bfa24, _Size=0xe | out: _Dst=0x1cc840) returned 0x1cc840 [0118.783] memcpy (in: _Dst=0x1cc858, _Src=0x1bfa64, _Size=0x8 | out: _Dst=0x1cc858) returned 0x1cc858 [0118.783] memcpy (in: _Dst=0x1cc868, _Src=0x1bfa9c, _Size=0x6 | out: _Dst=0x1cc868) returned 0x1cc868 [0118.783] memcpy (in: _Dst=0x1cc878, _Src=0x1bfb4c, _Size=0x8 | out: _Dst=0x1cc878) returned 0x1cc878 [0118.783] memcpy (in: _Dst=0x1cc888, _Src=0x1bfb0c, _Size=0xa | out: _Dst=0x1cc888) returned 0x1cc888 [0118.783] memcpy (in: _Dst=0x1cc894, _Src=0x5af290, _Size=0xab | out: _Dst=0x1cc894) returned 0x1cc894 [0118.783] memcpy (in: _Dst=0x1cc940, _Src=0x1cbb60, _Size=0x378 | out: _Dst=0x1cc940) returned 0x1cc940 [0118.783] memcpy (in: _Dst=0x1cccd8, _Src=0x1aec20, _Size=0x20 | out: _Dst=0x1cccd8) returned 0x1cccd8 [0118.783] memcpy (in: _Dst=0x1cccf8, _Src=0x5ae020, _Size=0x30 | out: _Dst=0x1cccf8) returned 0x1cccf8 [0118.784] memcpy (in: _Dst=0x1ccd28, _Src=0x1f76cd0, _Size=0x26bc | out: _Dst=0x1ccd28) returned 0x1ccd28 [0118.784] memcpy (in: _Dst=0x1cf3e8, _Src=0x1c71e8, _Size=0x30 | out: _Dst=0x1cf3e8) returned 0x1cf3e8 [0118.784] memcpy (in: _Dst=0x1cf418, _Src=0x1c7224, _Size=0x3d | out: _Dst=0x1cf418) returned 0x1cf418 [0118.784] memcpy (in: _Dst=0x1cf455, _Src=0x1c7274, _Size=0x40 | out: _Dst=0x1cf455) returned 0x1cf455 [0118.784] memcpy (in: _Dst=0x1cf495, _Src=0x1c72c4, _Size=0x40 | out: _Dst=0x1cf495) returned 0x1cf495 [0118.784] memcpy (in: _Dst=0x1cf4d5, _Src=0x1c7314, _Size=0x6 | out: _Dst=0x1cf4d5) returned 0x1cf4d5 [0118.784] memcpy (in: _Dst=0x1cf4e0, _Src=0x1c7370, _Size=0x38 | out: _Dst=0x1cf4e0) returned 0x1cf4e0 [0118.784] memcpy (in: _Dst=0x1cf518, _Src=0x1c73b4, _Size=0x14 | out: _Dst=0x1cf518) returned 0x1cf518 [0118.784] memcpy (in: _Dst=0x1cf530, _Src=0x1c7410, _Size=0x48 | out: _Dst=0x1cf530) returned 0x1cf530 [0118.784] memcpy (in: _Dst=0x1cf578, _Src=0x1c7464, _Size=0x3f | out: _Dst=0x1cf578) returned 0x1cf578 [0118.785] memcpy (in: _Dst=0x1cf5b7, _Src=0x1c750c, _Size=0x14 | out: _Dst=0x1cf5b7) returned 0x1cf5b7 [0118.785] memcpy (in: _Dst=0x1cf5d0, _Src=0x1c7568, _Size=0x30 | out: _Dst=0x1cf5d0) returned 0x1cf5d0 [0118.785] memcpy (in: _Dst=0x1cf600, _Src=0x1c75a4, _Size=0x29 | out: _Dst=0x1cf600) returned 0x1cf600 [0118.785] memcpy (in: _Dst=0x1cf630, _Src=0x1c7600, _Size=0x90 | out: _Dst=0x1cf630) returned 0x1cf630 [0118.785] memcpy (in: _Dst=0x1cf6c0, _Src=0x1c769c, _Size=0x3e | out: _Dst=0x1cf6c0) returned 0x1cf6c0 [0118.785] memcpy (in: _Dst=0x1cf6fe, _Src=0x1c76fc, _Size=0x40 | out: _Dst=0x1cf6fe) returned 0x1cf6fe [0118.785] memcpy (in: _Dst=0x1cf73e, _Src=0x1c774c, _Size=0x3f | out: _Dst=0x1cf73e) returned 0x1cf73e [0118.785] memcpy (in: _Dst=0x1cf77d, _Src=0x1c779c, _Size=0x40 | out: _Dst=0x1cf77d) returned 0x1cf77d [0118.785] memcpy (in: _Dst=0x1cf7bd, _Src=0x1c7b94, _Size=0x3d | out: _Dst=0x1cf7bd) returned 0x1cf7bd [0118.785] memcpy (in: _Dst=0x1cf7fa, _Src=0x1c7bf4, _Size=0x3f | out: _Dst=0x1cf7fa) returned 0x1cf7fa [0118.785] memcpy (in: _Dst=0x1cf839, _Src=0x1c7c6c, _Size=0x3f | out: _Dst=0x1cf839) returned 0x1cf839 [0118.785] memcpy (in: _Dst=0x1cf878, _Src=0x1c7ccc, _Size=0x3d | out: _Dst=0x1cf878) returned 0x1cf878 [0118.785] memcpy (in: _Dst=0x1cf8b5, _Src=0x1c7d1c, _Size=0x3e | out: _Dst=0x1cf8b5) returned 0x1cf8b5 [0118.786] memcpy (in: _Dst=0x1cf8f3, _Src=0x1c7d6c, _Size=0x3f | out: _Dst=0x1cf8f3) returned 0x1cf8f3 [0118.786] memcpy (in: _Dst=0x1cf932, _Src=0x1c7dbc, _Size=0x3f | out: _Dst=0x1cf932) returned 0x1cf932 [0118.786] memcpy (in: _Dst=0x1cf971, _Src=0x1c7e0c, _Size=0x3d | out: _Dst=0x1cf971) returned 0x1cf971 [0118.786] memcpy (in: _Dst=0x1cf9ae, _Src=0x1c7e74, _Size=0x40 | out: _Dst=0x1cf9ae) returned 0x1cf9ae [0118.786] memcpy (in: _Dst=0x1cf9ee, _Src=0x1c7edc, _Size=0x3f | out: _Dst=0x1cf9ee) returned 0x1cf9ee [0118.786] memcpy (in: _Dst=0x1cfa2d, _Src=0x1c7f2c, _Size=0x40 | out: _Dst=0x1cfa2d) returned 0x1cfa2d [0118.786] memcpy (in: _Dst=0x1cfa6d, _Src=0x1c7f7c, _Size=0x40 | out: _Dst=0x1cfa6d) returned 0x1cfa6d [0118.786] memcpy (in: _Dst=0x1cfaad, _Src=0x1c7fcc, _Size=0x40 | out: _Dst=0x1cfaad) returned 0x1cfaad [0118.786] memcpy (in: _Dst=0x1cfaed, _Src=0x1c801c, _Size=0x40 | out: _Dst=0x1cfaed) returned 0x1cfaed [0118.786] memcpy (in: _Dst=0x1cfb2d, _Src=0x1c8084, _Size=0x40 | out: _Dst=0x1cfb2d) returned 0x1cfb2d [0118.786] memcpy (in: _Dst=0x1cfb6d, _Src=0x1c80d4, _Size=0x40 | out: _Dst=0x1cfb6d) returned 0x1cfb6d [0118.786] memcpy (in: _Dst=0x1cfbad, _Src=0x1c8124, _Size=0x3f | out: _Dst=0x1cfbad) returned 0x1cfbad [0118.786] memcpy (in: _Dst=0x1cfbec, _Src=0x1c8174, _Size=0x40 | out: _Dst=0x1cfbec) returned 0x1cfbec [0118.787] memcpy (in: _Dst=0x1cfc2c, _Src=0x1c81c4, _Size=0x3e | out: _Dst=0x1cfc2c) returned 0x1cfc2c [0118.787] memcpy (in: _Dst=0x1cfc6a, _Src=0x1c8214, _Size=0x9 | out: _Dst=0x1cfc6a) returned 0x1cfc6a [0118.787] memcpy (in: _Dst=0x1cfc78, _Src=0x1c8270, _Size=0x60 | out: _Dst=0x1cfc78) returned 0x1cfc78 [0118.787] memcpy (in: _Dst=0x1cfcd8, _Src=0x1c82dc, _Size=0x40 | out: _Dst=0x1cfcd8) returned 0x1cfcd8 [0118.787] memcpy (in: _Dst=0x1cfd18, _Src=0x1c832c, _Size=0x40 | out: _Dst=0x1cfd18) returned 0x1cfd18 [0118.787] memcpy (in: _Dst=0x1cfd58, _Src=0x1c837c, _Size=0x3d | out: _Dst=0x1cfd58) returned 0x1cfd58 [0118.787] memcpy (in: _Dst=0x1cfd95, _Src=0x1c83cc, _Size=0x40 | out: _Dst=0x1cfd95) returned 0x1cfd95 [0118.787] memcpy (in: _Dst=0x1cfdd5, _Src=0x1c841c, _Size=0x3d | out: _Dst=0x1cfdd5) returned 0x1cfdd5 [0118.787] memcpy (in: _Dst=0x1cfe12, _Src=0x1c846c, _Size=0x40 | out: _Dst=0x1cfe12) returned 0x1cfe12 [0118.787] memcpy (in: _Dst=0x1cfe52, _Src=0x1c84bc, _Size=0x40 | out: _Dst=0x1cfe52) returned 0x1cfe52 [0118.787] memcpy (in: _Dst=0x1cfe92, _Src=0x1c850c, _Size=0x40 | out: _Dst=0x1cfe92) returned 0x1cfe92 [0118.787] memcpy (in: _Dst=0x1cfed2, _Src=0x1c855c, _Size=0x40 | out: _Dst=0x1cfed2) returned 0x1cfed2 [0118.787] memcpy (in: _Dst=0x1cff12, _Src=0x1c85ac, _Size=0x3f | out: _Dst=0x1cff12) returned 0x1cff12 [0118.788] memcpy (in: _Dst=0x1cff58, _Src=0x1c8608, _Size=0x48 | out: _Dst=0x1cff58) returned 0x1cff58 [0118.788] memcpy (in: _Dst=0x1cffa0, _Src=0x1c865c, _Size=0x40 | out: _Dst=0x1cffa0) returned 0x1cffa0 [0118.788] memcpy (in: _Dst=0x1cffe0, _Src=0x1c86ac, _Size=0x3d | out: _Dst=0x1cffe0) returned 0x1cffe0 [0118.788] memcpy (in: _Dst=0x1d001d, _Src=0x1c86fc, _Size=0x9 | out: _Dst=0x1d001d) returned 0x1d001d [0118.788] ??2@YAPEAX_K@Z () returned 0x5ac8c0 [0118.789] free (_Block=0x1bdfd0) [0118.789] free (_Block=0x5ae0f0) [0118.789] ??3@YAXPEAX@Z () returned 0x320037007a0001 [0118.789] free (_Block=0x5af290) [0118.790] free (_Block=0x1cbb60) [0118.790] free (_Block=0x1c7b50) [0118.791] free (_Block=0x1c3810) [0118.791] free (_Block=0x1c1800) [0118.791] free (_Block=0x1c07f0) [0118.792] free (_Block=0x1bffe0) [0118.792] free (_Block=0x5af8b0) [0118.792] free (_Block=0x5af6a0) [0118.792] free (_Block=0x5aa100) [0118.793] ??2@YAPEAX_K@Z () returned 0x5ad9f0 [0118.793] ??2@YAPEAX_K@Z () returned 0x5ae0f0 [0118.793] malloc (_Size=0x10) returned 0x5ac8a0 [0118.793] memcpy (in: _Dst=0x5ac8a0, _Src=0x1aeb00, _Size=0x10 | out: _Dst=0x5ac8a0) returned 0x5ac8a0 [0118.793] free (_Block=0x5ae020) [0118.795] GetUserDefaultLCID () returned 0x409 [0118.795] GetACP () returned 0x4e4 [0118.795] ??3@YAXPEAX@Z () returned 0x32003800760001 [0118.795] ISystemDebugEventFire:EndSession (This=0x3890a0) returned 0x0 [0118.795] IUnknown:Release (This=0x3890a0) returned 0x1 [0118.795] ??3@YAXPEAX@Z () returned 0x1434c401 [0118.795] ??3@YAXPEAX@Z () returned 0x1434c401 [0118.796] IUnknown:Release (This=0x3890a0) returned 0x0 [0118.796] DllRegisterServer () returned 0x0 [0118.798] XSLTemplate:IXSLTemplate:createProcessor (in: This=0x1f67620, ppProcessor=0x1af0c0 | out: ppProcessor=0x1af0c0*=0x1f68df0) returned 0x0 [0118.798] FreeThreadedDOMDocument:IUnknown:AddRef (This=0x1f671d0) returned 0x2 [0118.798] IXSLProcessor:put_input (This=0x1f68df0, input=0x1af300*(varType=0x9, wReserved1=0xf3fa, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x1f671d0, varVal2=0x1)) returned 0x0 [0118.798] GetStdHandle (nStdHandle=0xfffffff5) returned 0x1a0 [0118.799] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1a0, lpConsoleScreenBufferInfo=0x1aefc0 | out: lpConsoleScreenBufferInfo=0x1aefc0) returned 0 [0118.799] GetStdHandle (nStdHandle=0xfffffff5) returned 0x1a0 [0118.799] GetFileType (hFile=0x1a0) returned 0x3 [0118.799] IXSLProcessor:transform (in: This=0x1f68df0, pDone=0x1af378 | out: pDone=0x1af378*=0xffff) returned 0x0 [0118.818] GetCurrentThreadId () returned 0xdf0 [0118.818] ??2@YAPEAX_K@Z () returned 0x5adec0 [0118.819] ??2@YAPEAX_K@Z () returned 0x5a86c0 [0118.819] GetCurrentThreadId () returned 0xdf0 [0118.819] ??2@YAPEAX_K@Z () returned 0x5adf90 [0118.819] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0118.819] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x1aede0, cchData=6 | out: lpLCData="1252") returned 5 [0118.819] IsValidCodePage (CodePage=0x4e4) returned 1 [0118.820] DllRegisterServer () returned 0x0 [0118.820] CoCreateInstance (in: rclsid=0x7fef4bad5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef4bad5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x5add98 | out: ppv=0x5add98*=0x3890a0) returned 0x0 [0118.820] IUnknown:AddRef (This=0x3890a0) returned 0x2 [0118.820] GetCurrentProcessId () returned 0xdec [0118.820] GetCurrentThreadId () returned 0xdf0 [0118.821] GetTickCount () returned 0x14dc622 [0118.821] ISystemDebugEventFire:BeginSession (This=0x3890a0, guidSourceID=0x7fef4bad5d8, strSessionName="VBScript:00003564:00003568:21874210") returned 0x0 [0118.821] GetCurrentThreadId () returned 0xdf0 [0118.821] ??2@YAPEAX_K@Z () returned 0x5ae020 [0118.822] ??2@YAPEAX_K@Z () returned 0x5ac880 [0118.823] ??2@YAPEAX_K@Z () returned 0x5ae070 [0118.823] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0118.826] malloc (_Size=0x988) returned 0x5ae120 [0118.826] GetCurrentThreadId () returned 0xdf0 [0118.827] DllRegisterServer () returned 0x0 [0118.828] ??2@YAPEAX_K@Z () returned 0x5aeab0 [0118.867] ??2@YAPEAX_K@Z () returned 0x5aeb00 [0118.868] malloc (_Size=0x80) returned 0x5aec00 [0118.868] malloc (_Size=0x108) returned 0x5aa100 [0118.868] memcpy (in: _Dst=0x5aa148, _Src=0x1cc058, _Size=0x1a | out: _Dst=0x5aa148) returned 0x5aa148 [0118.868] ??2@YAPEAX_K@Z () returned 0x5aec90 [0118.869] memcpy (in: _Dst=0x5aa1a8, _Src=0x1cc07c, _Size=0xc | out: _Dst=0x5aa1a8) returned 0x5aa1a8 [0118.869] ??2@YAPEAX_K@Z () returned 0x5aece0 [0118.869] malloc (_Size=0x208) returned 0x5aed30 [0118.869] memcpy (in: _Dst=0x5aed78, _Src=0x1cc090, _Size=0x18 | out: _Dst=0x5aed78) returned 0x5aed78 [0118.869] ??2@YAPEAX_K@Z () returned 0x5aef40 [0118.870] memcpy (in: _Dst=0x5aedd0, _Src=0x1cc0b0, _Size=0x14 | out: _Dst=0x5aedd0) returned 0x5aedd0 [0118.870] ??2@YAPEAX_K@Z () returned 0x5aef90 [0118.871] memcpy (in: _Dst=0x5aee28, _Src=0x1cc0cc, _Size=0x1c | out: _Dst=0x5aee28) returned 0x5aee28 [0118.871] ??2@YAPEAX_K@Z () returned 0x5aefe0 [0118.871] memcpy (in: _Dst=0x5aee88, _Src=0x1cc0f0, _Size=0x14 | out: _Dst=0x5aee88) returned 0x5aee88 [0118.871] GetCurrentThreadId () returned 0xdf0 [0118.872] memcpy (in: _Dst=0x5aeee0, _Src=0x1cc10c, _Size=0xc | out: _Dst=0x5aeee0) returned 0x5aeee0 [0118.872] GetCurrentThreadId () returned 0xdf0 [0118.872] malloc (_Size=0x408) returned 0x5af030 [0118.872] memcpy (in: _Dst=0x5af078, _Src=0x1cc120, _Size=0x12 | out: _Dst=0x5af078) returned 0x5af078 [0118.873] GetCurrentThreadId () returned 0xdf0 [0118.873] memcpy (in: _Dst=0x5af0d0, _Src=0x1cc13c, _Size=0xe | out: _Dst=0x5af0d0) returned 0x5af0d0 [0118.873] GetCurrentThreadId () returned 0xdf0 [0118.874] memcpy (in: _Dst=0x5af120, _Src=0x1cc154, _Size=0x6 | out: _Dst=0x5af120) returned 0x5af120 [0118.874] GetCurrentThreadId () returned 0xdf0 [0118.874] memcpy (in: _Dst=0x5af168, _Src=0x1cc164, _Size=0xc | out: _Dst=0x5af168) returned 0x5af168 [0118.874] GetCurrentThreadId () returned 0xdf0 [0118.875] memcpy (in: _Dst=0x5af1b8, _Src=0x1cc178, _Size=0x12 | out: _Dst=0x5af1b8) returned 0x5af1b8 [0118.875] GetCurrentThreadId () returned 0xdf0 [0118.876] memcpy (in: _Dst=0x5af210, _Src=0x1cc194, _Size=0x14 | out: _Dst=0x5af210) returned 0x5af210 [0118.876] GetCurrentThreadId () returned 0xdf0 [0118.876] memcpy (in: _Dst=0x5af268, _Src=0x1cc1b0, _Size=0xa | out: _Dst=0x5af268) returned 0x5af268 [0118.876] GetCurrentThreadId () returned 0xdf0 [0118.877] memcpy (in: _Dst=0x5af2b8, _Src=0x1cc1c4, _Size=0x1a | out: _Dst=0x5af2b8) returned 0x5af2b8 [0118.878] ??2@YAPEAX_K@Z () returned 0x5af440 [0119.080] GetCurrentThreadId () returned 0xdf0 [0119.080] DllRegisterServer () returned 0x0 [0119.081] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.081] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.082] GetCurrentThreadId () returned 0xdf0 [0119.083] DllRegisterServer () returned 0x0 [0119.084] GetCurrentThreadId () returned 0xdf0 [0119.084] realloc (_Block=0x0, _Size=0xc8) returned 0x5af900 [0119.084] memcpy (in: _Dst=0x5af900, _Src=0x7fef4bc0800, _Size=0x10 | out: _Dst=0x5af900) returned 0x5af900 [0119.084] memcpy (in: _Dst=0x5af910, _Src=0x7fef4baf2c8, _Size=0x6 | out: _Dst=0x5af910) returned 0x5af910 [0119.084] memcpy (in: _Dst=0x5af916, _Src=0x7fef4baf2d0, _Size=0x18 | out: _Dst=0x5af916) returned 0x5af916 [0119.084] ??2@YAPEAX_K@Z () returned 0x5a8740 [0119.084] malloc (_Size=0x1008) returned 0x1d0030 [0119.085] ??2@YAPEAX_K@Z () returned 0x5af9d0 [0119.085] malloc (_Size=0x2008) returned 0x1d1040 [0119.085] memcpy (in: _Dst=0x1d1074, _Src=0x2831930, _Size=0x18 | out: _Dst=0x1d1074) returned 0x1d1074 [0119.085] malloc (_Size=0x108) returned 0x5aa210 [0119.085] memcpy (in: _Dst=0x1d10c4, _Src=0x283194a, _Size=0x8 | out: _Dst=0x1d10c4) returned 0x1d10c4 [0119.085] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.085] malloc (_Size=0x208) returned 0x5af9d0 [0119.086] malloc (_Size=0x40) returned 0x5ad220 [0119.086] malloc (_Size=0x138) returned 0x5afbe0 [0119.086] memcpy (in: _Dst=0x5afbe0, _Src=0x1ae6c0, _Size=0x30 | out: _Dst=0x5afbe0) returned 0x5afbe0 [0119.086] memcpy (in: _Dst=0x5afc18, _Src=0x1d10c4, _Size=0xa | out: _Dst=0x5afc18) returned 0x5afc18 [0119.086] memcpy (in: _Dst=0x5afc2c, _Src=0x1d1074, _Size=0x1a | out: _Dst=0x5afc2c) returned 0x5afc2c [0119.086] memcpy (in: _Dst=0x5afc48, _Src=0x0, _Size=0x0 | out: _Dst=0x5afc48) returned 0x5afc48 [0119.086] memcpy (in: _Dst=0x5afc48, _Src=0x5ad220, _Size=0x8 | out: _Dst=0x5afc48) returned 0x5afc48 [0119.086] memcpy (in: _Dst=0x5afc58, _Src=0x1aec80, _Size=0x20 | out: _Dst=0x5afc58) returned 0x5afc58 [0119.086] memcpy (in: _Dst=0x5afc78, _Src=0x5af900, _Size=0x30 | out: _Dst=0x5afc78) returned 0x5afc78 [0119.086] memcpy (in: _Dst=0x5afca8, _Src=0x2831930, _Size=0x24 | out: _Dst=0x5afca8) returned 0x5afca8 [0119.087] memcpy (in: _Dst=0x5afcd0, _Src=0x5af9f0, _Size=0x30 | out: _Dst=0x5afcd0) returned 0x5afcd0 [0119.087] memcpy (in: _Dst=0x5afd00, _Src=0x5afa2c, _Size=0x13 | out: _Dst=0x5afd00) returned 0x5afd00 [0119.087] ??2@YAPEAX_K@Z () returned 0x5ac8e0 [0119.087] free (_Block=0x1d1040) [0119.088] free (_Block=0x1d0030) [0119.088] ??3@YAXPEAX@Z () returned 0x320039007a0001 [0119.088] free (_Block=0x5ad220) [0119.088] free (_Block=0x5af9d0) [0119.088] free (_Block=0x5aa210) [0119.089] ??2@YAPEAX_K@Z () returned 0x5ae070 [0119.089] realloc (_Block=0x5ac8a0, _Size=0x40) returned 0x5ad220 [0119.089] memcpy (in: _Dst=0x5ad230, _Src=0x1aeb60, _Size=0x10 | out: _Dst=0x5ad230) returned 0x5ad230 [0119.089] ??2@YAPEAX_K@Z () returned 0x5ad270 [0119.090] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.091] GetCurrentThreadId () returned 0xdf0 [0119.091] DllRegisterServer () returned 0x0 [0119.092] memcpy (in: _Dst=0x5af318, _Src=0x5afc18, _Size=0xa | out: _Dst=0x5af318) returned 0x5af318 [0119.094] GetCurrentThreadId () returned 0xdf0 [0119.094] DllRegisterServer () returned 0x0 [0119.094] ??3@YAXPEAX@Z () returned 0x44006e000c0001 [0119.094] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.095] free (_Block=0x5afbe0) [0119.095] ??3@YAXPEAX@Z () returned 0x6e019300540001 [0119.095] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.096] free (_Block=0x5af900) [0119.096] GetCurrentThreadId () returned 0xdf0 [0119.096] realloc (_Block=0x0, _Size=0xc8) returned 0x5af900 [0119.097] memcpy (in: _Dst=0x5af900, _Src=0x7fef4bc0800, _Size=0x10 | out: _Dst=0x5af900) returned 0x5af900 [0119.097] memcpy (in: _Dst=0x5af910, _Src=0x7fef4baf2c8, _Size=0x6 | out: _Dst=0x5af910) returned 0x5af910 [0119.097] memcpy (in: _Dst=0x5af916, _Src=0x7fef4baf2d0, _Size=0x18 | out: _Dst=0x5af916) returned 0x5af916 [0119.097] ??2@YAPEAX_K@Z () returned 0x5a8740 [0119.097] malloc (_Size=0x1008) returned 0x1d0030 [0119.097] ??2@YAPEAX_K@Z () returned 0x5af9d0 [0119.097] malloc (_Size=0x2008) returned 0x1d1040 [0119.098] memcpy (in: _Dst=0x1d1074, _Src=0x2831a00, _Size=0x16 | out: _Dst=0x1d1074) returned 0x1d1074 [0119.098] malloc (_Size=0x108) returned 0x5aa210 [0119.098] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.098] malloc (_Size=0x208) returned 0x5af9d0 [0119.098] malloc (_Size=0x40) returned 0x5ad270 [0119.098] malloc (_Size=0x110) returned 0x5afbe0 [0119.098] memcpy (in: _Dst=0x5afbe0, _Src=0x1ae6c0, _Size=0x30 | out: _Dst=0x5afbe0) returned 0x5afbe0 [0119.098] memcpy (in: _Dst=0x5afc18, _Src=0x1d1074, _Size=0x18 | out: _Dst=0x5afc18) returned 0x5afc18 [0119.098] memcpy (in: _Dst=0x5afc30, _Src=0x0, _Size=0x0 | out: _Dst=0x5afc30) returned 0x5afc30 [0119.098] memcpy (in: _Dst=0x5afc30, _Src=0x5ad270, _Size=0x8 | out: _Dst=0x5afc30) returned 0x5afc30 [0119.099] memcpy (in: _Dst=0x5afc40, _Src=0x1aec80, _Size=0x20 | out: _Dst=0x5afc40) returned 0x5afc40 [0119.099] memcpy (in: _Dst=0x5afc60, _Src=0x5af900, _Size=0x30 | out: _Dst=0x5afc60) returned 0x5afc60 [0119.099] memcpy (in: _Dst=0x5afc90, _Src=0x2831a00, _Size=0x1a | out: _Dst=0x5afc90) returned 0x5afc90 [0119.099] memcpy (in: _Dst=0x5afcb0, _Src=0x5af9f0, _Size=0x30 | out: _Dst=0x5afcb0) returned 0x5afcb0 [0119.099] memcpy (in: _Dst=0x5afce0, _Src=0x5afa2c, _Size=0xe | out: _Dst=0x5afce0) returned 0x5afce0 [0119.099] ??2@YAPEAX_K@Z () returned 0x5ac8e0 [0119.099] free (_Block=0x1d1040) [0119.100] free (_Block=0x1d0030) [0119.100] ??3@YAXPEAX@Z () returned 0x32003a007a0001 [0119.100] free (_Block=0x5ad270) [0119.100] free (_Block=0x5af9d0) [0119.101] free (_Block=0x5aa210) [0119.101] ??2@YAPEAX_K@Z () returned 0x5ae070 [0119.101] memcpy (in: _Dst=0x5ad230, _Src=0x1aeb60, _Size=0x10 | out: _Dst=0x5ad230) returned 0x5ad230 [0119.101] ??2@YAPEAX_K@Z () returned 0x5ad270 [0119.102] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.103] GetCurrentThreadId () returned 0xdf0 [0119.103] DllRegisterServer () returned 0x0 [0119.104] GetCurrentThreadId () returned 0xdf0 [0119.104] DllRegisterServer () returned 0x0 [0119.105] ??3@YAXPEAX@Z () returned 0x440070000c0001 [0119.105] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.105] free (_Block=0x5afbe0) [0119.105] ??3@YAXPEAX@Z () returned 0x6e019400540001 [0119.105] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.106] free (_Block=0x5af900) [0119.106] GetCurrentThreadId () returned 0xdf0 [0119.106] realloc (_Block=0x0, _Size=0xc8) returned 0x5af900 [0119.106] memcpy (in: _Dst=0x5af900, _Src=0x7fef4bc0800, _Size=0x10 | out: _Dst=0x5af900) returned 0x5af900 [0119.106] memcpy (in: _Dst=0x5af910, _Src=0x7fef4baf2c8, _Size=0x6 | out: _Dst=0x5af910) returned 0x5af910 [0119.106] memcpy (in: _Dst=0x5af916, _Src=0x7fef4baf2d0, _Size=0x18 | out: _Dst=0x5af916) returned 0x5af916 [0119.107] ??2@YAPEAX_K@Z () returned 0x5a8740 [0119.107] malloc (_Size=0x1008) returned 0x1d0030 [0119.107] ??2@YAPEAX_K@Z () returned 0x5af9d0 [0119.107] malloc (_Size=0x2008) returned 0x1d1040 [0119.107] memcpy (in: _Dst=0x1d1074, _Src=0x2831bb0, _Size=0x12 | out: _Dst=0x1d1074) returned 0x1d1074 [0119.107] malloc (_Size=0x108) returned 0x5aa210 [0119.107] memcpy (in: _Dst=0x1d10bc, _Src=0x2831bc4, _Size=0x8 | out: _Dst=0x1d10bc) returned 0x1d10bc [0119.107] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.107] malloc (_Size=0x208) returned 0x5af9d0 [0119.108] malloc (_Size=0x40) returned 0x5ad270 [0119.108] malloc (_Size=0x128) returned 0x5afbe0 [0119.108] memcpy (in: _Dst=0x5afbe0, _Src=0x1ae6c0, _Size=0x30 | out: _Dst=0x5afbe0) returned 0x5afbe0 [0119.108] memcpy (in: _Dst=0x5afc18, _Src=0x1d10bc, _Size=0xa | out: _Dst=0x5afc18) returned 0x5afc18 [0119.108] memcpy (in: _Dst=0x5afc2c, _Src=0x1d1074, _Size=0x14 | out: _Dst=0x5afc2c) returned 0x5afc2c [0119.108] memcpy (in: _Dst=0x5afc40, _Src=0x0, _Size=0x0 | out: _Dst=0x5afc40) returned 0x5afc40 [0119.108] memcpy (in: _Dst=0x5afc40, _Src=0x5ad270, _Size=0x8 | out: _Dst=0x5afc40) returned 0x5afc40 [0119.108] memcpy (in: _Dst=0x5afc50, _Src=0x1aec80, _Size=0x20 | out: _Dst=0x5afc50) returned 0x5afc50 [0119.111] memcpy (in: _Dst=0x5afc70, _Src=0x5af900, _Size=0x30 | out: _Dst=0x5afc70) returned 0x5afc70 [0119.111] memcpy (in: _Dst=0x5afca0, _Src=0x2831bb0, _Size=0x1e | out: _Dst=0x5afca0) returned 0x5afca0 [0119.111] memcpy (in: _Dst=0x5afcc0, _Src=0x5af9f0, _Size=0x30 | out: _Dst=0x5afcc0) returned 0x5afcc0 [0119.111] memcpy (in: _Dst=0x5afcf0, _Src=0x5afa2c, _Size=0x13 | out: _Dst=0x5afcf0) returned 0x5afcf0 [0119.111] ??2@YAPEAX_K@Z () returned 0x5ac8e0 [0119.112] free (_Block=0x1d1040) [0119.112] free (_Block=0x1d0030) [0119.112] ??3@YAXPEAX@Z () returned 0x32003b007a0001 [0119.112] free (_Block=0x5ad270) [0119.113] free (_Block=0x5af9d0) [0119.113] free (_Block=0x5aa210) [0119.113] ??2@YAPEAX_K@Z () returned 0x5ae070 [0119.113] memcpy (in: _Dst=0x5ad230, _Src=0x1aeb60, _Size=0x10 | out: _Dst=0x5ad230) returned 0x5ad230 [0119.114] ??2@YAPEAX_K@Z () returned 0x5ad270 [0119.114] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.115] GetCurrentThreadId () returned 0xdf0 [0119.115] DllRegisterServer () returned 0x0 [0119.117] IUnknown:QueryInterface (in: This=0x1f74340, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1ada60 | out: ppvObject=0x1ada60*=0x1f74370) returned 0x0 [0119.118] IUnknown:Release (This=0x1f74340) returned 0x1 [0119.118] IUnknown:QueryInterface (in: This=0x1f74370, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1add60 | out: ppvObject=0x1add60*=0x1f74370) returned 0x0 [0119.118] IDispatchEx:GetDispId (in: This=0x1f74370, bstrName="GetNamedItem", grfdex=0x8, pid=0x1adcc8 | out: pid=0x1adcc8*=83) returned 0x0 [0119.118] IUnknown:Release (This=0x1f74370) returned 0x1 [0119.118] IUnknown:AddRef (This=0x1f74370) returned 0x2 [0119.118] IUnknown:QueryInterface (in: This=0x1f74370, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1ada50 | out: ppvObject=0x1ada50*=0x1f74370) returned 0x0 [0119.119] ??2@YAPEAX_K@Z () returned 0x5af9d0 [0119.119] IDispatchEx:InvokeEx (in: This=0x1f74370, id=83, lcid=0x409, wFlags=0x3, pdp=0x1ada28*(rgvarg=([0]=0x5ae7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NAME", varVal2=0x1be758)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarRes=0x1adc68, pei=0x1ada70, pspCaller=0x5af9d0 | out: pdp=0x1ada28*(rgvarg=([0]=0x5ae7c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NAME", varVal2=0x1be758)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarRes=0x1adc68*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f6a280, varVal2=0x0), pei=0x1ada70*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0)) returned 0x0 [0119.119] IUnknown:Release (This=0x1f74370) returned 0x2 [0119.119] IUnknown:Release (This=0x1f74370) returned 0x1 [0119.120] IUnknown:QueryInterface (in: This=0x1f6a280, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1ada60 | out: ppvObject=0x1ada60*=0x1f6a2b0) returned 0x0 [0119.120] IUnknown:Release (This=0x1f6a280) returned 0x1 [0119.120] IUnknown:QueryInterface (in: This=0x1f6a2b0, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1add78 | out: ppvObject=0x1add78*=0x1f6a2b0) returned 0x0 [0119.120] IDispatchEx:GetDispId (in: This=0x1f6a2b0, bstrName="Value", grfdex=0x8, pid=0x1adccc | out: pid=0x1adccc*=120) returned 0x0 [0119.121] IUnknown:Release (This=0x1f6a2b0) returned 0x1 [0119.121] IUnknown:AddRef (This=0x1f6a2b0) returned 0x2 [0119.121] IUnknown:QueryInterface (in: This=0x1f6a2b0, riid=0x7fef4bad588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x1ada50 | out: ppvObject=0x1ada50*=0x1f6a2b0) returned 0x0 [0119.121] IDispatchEx:InvokeEx (in: This=0x1f6a2b0, id=120, lcid=0x409, wFlags=0x3, pdp=0x1ada28*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarRes=0x5ae7d8, pei=0x1ada70, pspCaller=0x5af9d0 | out: pdp=0x1ada28*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarRes=0x5ae7d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pei=0x1ada70*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0)) returned 0x0 [0119.121] IUnknown:Release (This=0x1f6a2b0) returned 0x2 [0119.122] IUnknown:Release (This=0x1f6a2b0) returned 0x1 [0119.123] memcpy (in: _Dst=0x5af368, _Src=0x7fef4bc1978, _Size=0x10 | out: _Dst=0x5af368) returned 0x5af368 [0119.124] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="PROPERTY", cchCount1=8, lpString2="Property.Array", cchCount2=14) returned 1 [0119.126] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="PROPERTY", cchCount1=8, lpString2="Property.Reference", cchCount2=18) returned 1 [0119.127] memcpy (in: _Dst=0x5af3b8, _Src=0x7fef4bc3a60, _Size=0xa | out: _Dst=0x5af3b8) returned 0x5af3b8 [0119.128] memcpy (in: _Dst=0x5af408, _Src=0x7fef4bc2208, _Size=0x10 | out: _Dst=0x5af408) returned 0x5af408 [0119.129] memcpy (in: _Dst=0x3a2988, _Src=0x3a2918, _Size=0x4e | out: _Dst=0x3a2988) returned 0x3a2988 [0119.129] malloc (_Size=0x808) returned 0x1d0030 [0119.129] memcpy (in: _Dst=0x1d0078, _Src=0x7fef4bc3b10, _Size=0xa | out: _Dst=0x1d0078) returned 0x1d0078 [0119.130] memcpy (in: _Dst=0x3a29f8, _Src=0x3a2918, _Size=0x4e | out: _Dst=0x3a29f8) returned 0x3a29f8 [0119.131] GetCurrentThreadId () returned 0xdf0 [0119.131] DllRegisterServer () returned 0x0 [0119.131] ??3@YAXPEAX@Z () returned 0x440072000c0001 [0119.131] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.132] free (_Block=0x5afbe0) [0119.132] ??3@YAXPEAX@Z () returned 0x6e019500540001 [0119.132] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.132] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.132] free (_Block=0x5af900) [0119.133] GetCurrentThreadId () returned 0xdf0 [0119.133] realloc (_Block=0x0, _Size=0xc8) returned 0x5af900 [0119.133] memcpy (in: _Dst=0x5af900, _Src=0x7fef4bc0800, _Size=0x10 | out: _Dst=0x5af900) returned 0x5af900 [0119.133] memcpy (in: _Dst=0x5af910, _Src=0x7fef4baf2c8, _Size=0x6 | out: _Dst=0x5af910) returned 0x5af910 [0119.133] memcpy (in: _Dst=0x5af916, _Src=0x7fef4baf2d0, _Size=0x18 | out: _Dst=0x5af916) returned 0x5af916 [0119.133] ??2@YAPEAX_K@Z () returned 0x5a8740 [0119.133] malloc (_Size=0x1008) returned 0x1d0840 [0119.134] ??2@YAPEAX_K@Z () returned 0x5af9d0 [0119.134] malloc (_Size=0x2008) returned 0x1d1850 [0119.134] memcpy (in: _Dst=0x1d1884, _Src=0x2831840, _Size=0x1a | out: _Dst=0x1d1884) returned 0x1d1884 [0119.134] malloc (_Size=0x108) returned 0x5aa210 [0119.134] memcpy (in: _Dst=0x1d18d4, _Src=0x283185c, _Size=0x8 | out: _Dst=0x1d18d4) returned 0x1d18d4 [0119.134] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.134] malloc (_Size=0x208) returned 0x5af9d0 [0119.134] malloc (_Size=0x40) returned 0x5ad270 [0119.135] malloc (_Size=0x138) returned 0x5afbe0 [0119.135] memcpy (in: _Dst=0x5afbe0, _Src=0x1ae6c0, _Size=0x30 | out: _Dst=0x5afbe0) returned 0x5afbe0 [0119.135] memcpy (in: _Dst=0x5afc18, _Src=0x1d18d4, _Size=0xa | out: _Dst=0x5afc18) returned 0x5afc18 [0119.135] memcpy (in: _Dst=0x5afc2c, _Src=0x1d1884, _Size=0x1c | out: _Dst=0x5afc2c) returned 0x5afc2c [0119.135] memcpy (in: _Dst=0x5afc48, _Src=0x0, _Size=0x0 | out: _Dst=0x5afc48) returned 0x5afc48 [0119.135] memcpy (in: _Dst=0x5afc48, _Src=0x5ad270, _Size=0x8 | out: _Dst=0x5afc48) returned 0x5afc48 [0119.135] memcpy (in: _Dst=0x5afc58, _Src=0x1aec80, _Size=0x20 | out: _Dst=0x5afc58) returned 0x5afc58 [0119.135] memcpy (in: _Dst=0x5afc78, _Src=0x5af900, _Size=0x30 | out: _Dst=0x5afc78) returned 0x5afc78 [0119.135] memcpy (in: _Dst=0x5afca8, _Src=0x2831840, _Size=0x26 | out: _Dst=0x5afca8) returned 0x5afca8 [0119.135] memcpy (in: _Dst=0x5afcd0, _Src=0x5af9f0, _Size=0x30 | out: _Dst=0x5afcd0) returned 0x5afcd0 [0119.135] memcpy (in: _Dst=0x5afd00, _Src=0x5afa2c, _Size=0x13 | out: _Dst=0x5afd00) returned 0x5afd00 [0119.135] ??2@YAPEAX_K@Z () returned 0x5ac8e0 [0119.136] free (_Block=0x1d1850) [0119.136] free (_Block=0x1d0840) [0119.138] ??3@YAXPEAX@Z () returned 0x32003c007a0001 [0119.138] free (_Block=0x5ad270) [0119.138] free (_Block=0x5af9d0) [0119.139] free (_Block=0x5aa210) [0119.139] ??2@YAPEAX_K@Z () returned 0x5ae070 [0119.139] memcpy (in: _Dst=0x5ad230, _Src=0x1aeb60, _Size=0x10 | out: _Dst=0x5ad230) returned 0x5ad230 [0119.140] ??2@YAPEAX_K@Z () returned 0x5ad270 [0119.141] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.141] GetCurrentThreadId () returned 0xdf0 [0119.142] DllRegisterServer () returned 0x0 [0119.143] realloc (_Block=0x0, _Size=0x140) returned 0x5af9d0 [0119.143] memcpy (in: _Dst=0x5af9d0, _Src=0x5aeb50, _Size=0xa0 | out: _Dst=0x5af9d0) returned 0x5af9d0 [0119.144] memcpy (in: _Dst=0x1d00c8, _Src=0x7fef4bc0398, _Size=0x8 | out: _Dst=0x1d00c8) returned 0x1d00c8 [0119.144] memcpy (in: _Dst=0x1d0110, _Src=0x7fef4bc03f0, _Size=0x8 | out: _Dst=0x1d0110) returned 0x1d0110 [0119.144] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb18, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.144] memcpy (in: _Dst=0x1d0158, _Src=0x7fef4bc1c40, _Size=0xa | out: _Dst=0x1d0158) returned 0x1d0158 [0119.145] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.145] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.146] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.148] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a29f8, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.149] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a29fa, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.149] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a29fc, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.150] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a29fe, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.150] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a00, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.151] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a02, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.151] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a04, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.152] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a06, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.153] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a08, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.153] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a0a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.154] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a0c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.154] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a0e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.155] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a10, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.155] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a12, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.156] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a14, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.156] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a16, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.157] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a18, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.157] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a1a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.158] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a1c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.158] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a1e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.159] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a20, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.159] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a22, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.160] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a24, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.160] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a26, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.161] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a28, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.161] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a2a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.162] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a2c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.162] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a2e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.163] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a30, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.163] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a32, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.164] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a34, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.164] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a36, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.165] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a38, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.165] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a3a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.166] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a3c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.166] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a3e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.167] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a40, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.167] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a42, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.168] memcpy (in: _Dst=0x3cbbd8, _Src=0x3a2a44, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.170] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb18, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.172] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1a, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.172] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1c, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.173] memcpy (in: _Dst=0x3cbbd8, _Src=0x3cbb1e, _Size=0x2 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.174] memcpy (in: _Dst=0x3cbae8, _Src=0x3cbbd8, _Size=0x0 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.174] memcpy (in: _Dst=0x3cbae8, _Src=0x3cbb18, _Size=0x8 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.175] memcpy (in: _Dst=0x356e38, _Src=0x3765d8, _Size=0x20 | out: _Dst=0x356e38) returned 0x356e38 [0119.175] memcpy (in: _Dst=0x356e58, _Src=0x3765d8, _Size=0x20 | out: _Dst=0x356e58) returned 0x356e58 [0119.176] memcpy (in: _Dst=0x390df8, _Src=0x356e38, _Size=0x40 | out: _Dst=0x390df8) returned 0x390df8 [0119.176] memcpy (in: _Dst=0x390e38, _Src=0x356e38, _Size=0x40 | out: _Dst=0x390e38) returned 0x390e38 [0119.177] memcpy (in: _Dst=0x1d01a8, _Src=0x7fef4bc03c0, _Size=0xa | out: _Dst=0x1d01a8) returned 0x1d01a8 [0119.177] memcpy (in: _Dst=0x356e38, _Src=0x390df8, _Size=0x4a | out: _Dst=0x356e38) returned 0x356e38 [0119.177] memcpy (in: _Dst=0x390df8, _Src=0x3cbae8, _Size=0x8 | out: _Dst=0x390df8) returned 0x390df8 [0119.178] memcpy (in: _Dst=0x390e00, _Src=0x356e38, _Size=0x4a | out: _Dst=0x390e00) returned 0x390e00 [0119.180] memcpy (in: _Dst=0x3cbae8, _Src=0x3a29f8, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.180] memcpy (in: _Dst=0x3cbae8, _Src=0x3a29fa, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.181] memcpy (in: _Dst=0x3cbae8, _Src=0x3a29fc, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.181] memcpy (in: _Dst=0x3cbae8, _Src=0x3a29fe, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.182] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a00, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.182] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a02, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.183] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a04, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.183] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a06, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.184] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a08, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.185] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a0a, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.185] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a0c, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.185] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a0e, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.186] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a10, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.186] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a12, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.187] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a14, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.188] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a16, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.188] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a18, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.189] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a1a, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.189] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a1c, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.190] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a1e, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.190] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a20, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.191] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a22, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.191] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a24, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.192] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a26, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.192] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a28, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.193] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a2a, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.193] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a2c, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.194] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a2e, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.194] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a30, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.195] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a32, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.195] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a34, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.196] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a36, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.196] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a38, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.197] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a3a, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.197] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a3c, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.198] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a3e, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.198] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a40, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.199] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a42, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.199] memcpy (in: _Dst=0x3cbae8, _Src=0x3a2a44, _Size=0x2 | out: _Dst=0x3cbae8) returned 0x3cbae8 [0119.201] memcpy (in: _Dst=0x356e38, _Src=0x3cbae8, _Size=0x0 | out: _Dst=0x356e38) returned 0x356e38 [0119.201] memcpy (in: _Dst=0x356e38, _Src=0x3a29f8, _Size=0x4e | out: _Dst=0x356e38) returned 0x356e38 [0119.206] memcpy (in: _Dst=0x3cbbd8, _Src=0x3765d8, _Size=0x4 | out: _Dst=0x3cbbd8) returned 0x3cbbd8 [0119.207] memcpy (in: _Dst=0x3a2918, _Src=0x356e38, _Size=0x4e | out: _Dst=0x3a2918) returned 0x3a2918 [0119.207] memcpy (in: _Dst=0x3a2966, _Src=0x3cbbd8, _Size=0x4 | out: _Dst=0x3a2966) returned 0x3a2966 [0119.207] memcpy (in: _Dst=0x1d01f8, _Src=0x7fef4bc0620, _Size=0xe | out: _Dst=0x1d01f8) returned 0x1d01f8 [0119.208] memcpy (in: _Dst=0x356e38, _Src=0x3a2918, _Size=0x52 | out: _Dst=0x356e38) returned 0x356e38 [0119.208] memcpy (in: _Dst=0x356e8a, _Src=0x3cbbd8, _Size=0x4 | out: _Dst=0x356e8a) returned 0x356e8a [0119.208] memcpy (in: _Dst=0x3a2918, _Src=0x390df8, _Size=0x52 | out: _Dst=0x3a2918) returned 0x3a2918 [0119.208] memcpy (in: _Dst=0x3a296a, _Src=0x3cbbd8, _Size=0x4 | out: _Dst=0x3a296a) returned 0x3a296a [0119.208] memcpy (in: _Dst=0x3d4dc8, _Src=0x3a2918, _Size=0x56 | out: _Dst=0x3d4dc8) returned 0x3d4dc8 [0119.209] memcpy (in: _Dst=0x3d4e1e, _Src=0x356e38, _Size=0x56 | out: _Dst=0x3d4e1e) returned 0x3d4e1e [0119.210] GetCurrentThreadId () returned 0xdf0 [0119.210] DllRegisterServer () returned 0x0 [0119.210] ??3@YAXPEAX@Z () returned 0x440074000c0001 [0119.210] ISystemDebugEventFire:IsActive (This=0x3890a0) returned 0x1 [0119.211] free (_Block=0x5afbe0) [0119.211] ??3@YAXPEAX@Z () returned 0x6e019600540001 [0119.212] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.212] free (_Block=0x5af900) [0119.212] GetCurrentThreadId () returned 0xdf0 [0119.212] GetCurrentThreadId () returned 0xdf0 [0119.212] IUnknown:Release (This=0x3890a0) returned 0x1 [0119.212] DllRegisterServer () returned 0x0 [0119.213] DllRegisterServer () returned 0x0 [0119.213] GetUserDefaultLCID () returned 0x409 [0119.213] GetACP () returned 0x4e4 [0119.213] ??3@YAXPEAX@Z () returned 0x6e019700580001 [0119.213] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.214] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.214] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.214] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.214] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.214] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.346] free (_Block=0x5aec00) [0119.346] free (_Block=0x5af9d0) [0119.347] free (_Block=0x1d0030) [0119.347] free (_Block=0x5af030) [0119.348] free (_Block=0x5aed30) [0119.349] free (_Block=0x5aa100) [0119.349] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.349] ??3@YAXPEAX@Z () returned 0x32003d00760001 [0119.349] ISystemDebugEventFire:EndSession (This=0x3890a0) returned 0x0 [0119.349] IUnknown:Release (This=0x3890a0) returned 0x0 [0119.349] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.349] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.349] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.350] DllRegisterServer () returned 0x0 [0119.351] IXSLProcessor:get_output (in: This=0x1f68df0, pOutput=0x1af160 | out: pOutput=0x1af160*(varType=0x8, wReserved1=0x1f6, wReserved2=0x0, wReserved3=0x0, varVal1="Name \r\nIntel(R) Core(TM) i5-7500 CPU @ 3.40GHz \r\n", varVal2=0x1)) returned 0x0 [0119.351] malloc (_Size=0x18) returned 0x5ac880 [0119.352] XSLTemplate:IUnknown:Release (This=0x1f68df0) returned 0x0 [0119.352] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f6b330) returned 0x2 [0119.352] XSLTemplate:IUnknown:Release (This=0x1f67620) returned 0x0 [0119.354] memcpy (in: _Dst=0x1aeee0, _Src=0x5ad220, _Size=0x10 | out: _Dst=0x1aeee0) returned 0x1aeee0 [0119.355] free (_Block=0x1cc020) [0119.356] ??3@YAXPEAX@Z () returned 0x6e019800580001 [0119.356] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.357] free (_Block=0x5ad220) [0119.357] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.358] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.360] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0119.361] free (_Block=0x5a8640) [0119.361] free (_Block=0x5accb0) [0119.361] malloc (_Size=0xb0) returned 0x5adec0 [0119.362] memcpy_s (in: _Destination=0x5adec0, _DestinationSize=0xae, _Source=0x3a3b18, _SourceSize=0xac | out: _Destination=0x5adec0) returned 0x0 [0119.362] malloc (_Size=0x30) returned 0x5a8640 [0119.362] free (_Block=0x5a8640) [0119.362] malloc (_Size=0x60) returned 0x5adf80 [0119.363] memcpy_s (in: _Destination=0x5adf80, _DestinationSize=0x5e, _Source=0x5adec0, _SourceSize=0x56 | out: _Destination=0x5adf80) returned 0x0 [0119.363] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Name \r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0119.363] malloc (_Size=0x2c) returned 0x5a8640 [0119.363] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Name \r\n", cchWideChar=-1, lpMultiByteStr=0x5a8640, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Name \r\n", lpUsedDefaultChar=0x0) returned 44 [0119.363] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 43 [0119.363] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0119.364] free (_Block=0x5a8640) [0119.365] free (_Block=0x5adf80) [0119.365] malloc (_Size=0x60) returned 0x5adf80 [0119.365] memcpy_s (in: _Destination=0x5adf80, _DestinationSize=0x5e, _Source=0x5adf16, _SourceSize=0x56 | out: _Destination=0x5adf80) returned 0x0 [0119.365] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz \r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0119.365] malloc (_Size=0x2c) returned 0x5a8640 [0119.365] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz \r\n", cchWideChar=-1, lpMultiByteStr=0x5a8640, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz \r\n", lpUsedDefaultChar=0x0) returned 44 [0119.365] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 43 [0119.365] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0119.366] free (_Block=0x5a8640) [0119.366] free (_Block=0x5adf80) [0119.367] malloc (_Size=0x800) returned 0x5aeab0 [0119.367] LoadStringW (in: hInstance=0x0, uID=0xafd2, lpBuffer=0x5aeab0, cchBufferMax=1024 | out: lpBuffer="\r\n") returned 0x2 [0119.367] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0119.367] malloc (_Size=0x3) returned 0x5ace20 [0119.367] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x5ace20, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0119.367] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 2 [0119.367] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0119.368] free (_Block=0x5ace20) [0119.368] free (_Block=0x5aeab0) [0119.369] free (_Block=0x5adec0) [0119.369] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0119.370] free (_Block=0x5ac880) [0119.370] ??1CHString@@QEAA@XZ () returned 0x1434c401 [0119.370] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f671d0) returned 0x0 [0119.370] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0119.370] free (_Block=0x5ac920) [0119.370] malloc (_Size=0x18) returned 0x5ac920 [0119.370] free (_Block=0x5aca80) [0119.370] malloc (_Size=0x18) returned 0x5aca80 [0119.371] free (_Block=0x5acc10) [0119.371] free (_Block=0x5acac0) [0119.371] free (_Block=0x5acae0) [0119.371] free (_Block=0x5aca20) [0119.371] free (_Block=0x5ac920) [0119.371] free (_Block=0x5aca80) [0119.371] free (_Block=0x5a6cf0) [0119.371] free (_Block=0x5a6c80) [0119.372] free (_Block=0x5acba0) [0119.372] free (_Block=0x5acbd0) [0119.373] free (_Block=0x5a8700) [0119.373] free (_Block=0x5aca60) [0119.373] free (_Block=0x5acb50) [0119.374] free (_Block=0x5ac900) [0119.374] free (_Block=0x5ac9e0) [0119.374] free (_Block=0x5a6d70) [0119.375] free (_Block=0x5a6b60) [0119.378] free (_Block=0x5a6db0) [0119.378] free (_Block=0x5ac9c0) [0119.378] free (_Block=0x5acda0) [0119.378] free (_Block=0x5acaa0) [0119.379] free (_Block=0x5ac980) [0119.379] free (_Block=0x5aca00) [0119.379] free (_Block=0x5ac9a0) [0119.379] free (_Block=0x5acd20) [0119.380] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0119.380] free (_Block=0x5a6d20) [0119.380] free (_Block=0x5a6d50) [0119.380] free (_Block=0x5a6d90) [0119.380] free (_Block=0x5ac940) [0119.381] free (_Block=0x5a7f60) [0119.381] free (_Block=0x5a62b0) [0119.382] free (_Block=0x5a6300) [0119.382] free (_Block=0x5aca40) [0119.382] free (_Block=0x5a63c0) [0119.382] free (_Block=0x5a6b40) [0119.383] free (_Block=0x5a8080) [0119.383] free (_Block=0x5a6b20) [0119.383] free (_Block=0x5a8040) [0119.384] free (_Block=0x5a6700) [0119.384] free (_Block=0x5a8000) [0119.384] free (_Block=0x5a65e0) [0119.385] free (_Block=0x5a6600) [0119.385] free (_Block=0x5a6580) [0119.386] free (_Block=0x5a65a0) [0119.386] free (_Block=0x5a6640) [0119.386] free (_Block=0x5a6660) [0119.386] free (_Block=0x5a66a0) [0119.387] free (_Block=0x5a66c0) [0119.387] free (_Block=0x5a64c0) [0119.388] free (_Block=0x5a64e0) [0119.388] free (_Block=0x5a6460) [0119.389] free (_Block=0x5a6480) [0119.390] free (_Block=0x5a6520) [0119.391] free (_Block=0x5a6540) [0119.391] free (_Block=0x5a6400) [0119.392] free (_Block=0x5a6420) [0119.393] free (_Block=0x5a6380) [0119.394] free (_Block=0x5a6350) [0119.394] free (_Block=0x5a6bf0) [0119.394] WbemObjectTextSrc:IUnknown:Release (This=0x3993c0) returned 0x0 [0119.394] IUnknown:Release (This=0x398510) returned 0x0 [0119.394] WbemLocator:IUnknown:Release (This=0x31cba0) returned 0x2 [0119.394] WbemLocator:IUnknown:Release (This=0x3865d0) returned 0x0 [0119.399] WbemLocator:IUnknown:Release (This=0x3864b0) returned 0x0 [0119.400] WbemLocator:IUnknown:Release (This=0x31cba0) returned 0x1 [0119.400] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0119.400] WbemLocator:IUnknown:Release (This=0x31cba0) returned 0x0 [0119.400] free (_Block=0x5ac800) [0119.401] free (_Block=0x5ac820) [0119.401] free (_Block=0x5a8580) [0119.401] free (_Block=0x5ac840) [0119.401] free (_Block=0x5ac860) [0119.402] free (_Block=0x5a85c0) [0119.402] free (_Block=0x5ac680) [0119.402] free (_Block=0x5ac6a0) [0119.402] free (_Block=0x5a8400) [0119.402] free (_Block=0x5ac6c0) [0119.403] free (_Block=0x5ac6e0) [0119.403] free (_Block=0x5a8440) [0119.403] free (_Block=0x5ac600) [0119.403] free (_Block=0x5ac620) [0119.403] free (_Block=0x5a8380) [0119.404] free (_Block=0x5ac640) [0119.404] free (_Block=0x5ac660) [0119.404] free (_Block=0x5a83c0) [0119.404] free (_Block=0x5ac780) [0119.404] free (_Block=0x5ac7a0) [0119.405] free (_Block=0x5a8500) [0119.405] free (_Block=0x5ac7c0) [0119.407] free (_Block=0x5ac7e0) [0119.407] free (_Block=0x5a8540) [0119.407] free (_Block=0x5ac580) [0119.408] free (_Block=0x5ac5a0) [0119.408] free (_Block=0x5a8300) [0119.408] free (_Block=0x5ac5c0) [0119.408] free (_Block=0x5ac5e0) [0119.408] free (_Block=0x5a8340) [0119.408] free (_Block=0x5ac700) [0119.409] free (_Block=0x5ac720) [0119.409] free (_Block=0x5a8480) [0119.409] free (_Block=0x5ac740) [0119.409] free (_Block=0x5ac760) [0119.409] free (_Block=0x5a84c0) [0119.410] free (_Block=0x5ac4c0) [0119.410] free (_Block=0x5ac4e0) [0119.410] free (_Block=0x5a8240) [0119.410] free (_Block=0x5ac380) [0119.410] free (_Block=0x5ac3a0) [0119.411] free (_Block=0x5a8100) [0119.411] free (_Block=0x5a6bb0) [0119.411] free (_Block=0x5a6bd0) [0119.411] free (_Block=0x5a80c0) [0119.411] free (_Block=0x5ac400) [0119.412] free (_Block=0x5ac420) [0119.412] free (_Block=0x5a8180) [0119.412] free (_Block=0x5ac500) [0119.412] free (_Block=0x5ac520) [0119.412] free (_Block=0x5a8280) [0119.412] free (_Block=0x5ac3c0) [0119.413] free (_Block=0x5ac3e0) [0119.413] free (_Block=0x5a8140) [0119.413] free (_Block=0x5ac440) [0119.413] free (_Block=0x5ac460) [0119.413] free (_Block=0x5a81c0) [0119.414] free (_Block=0x5ac480) [0119.414] free (_Block=0x5ac4a0) [0119.414] free (_Block=0x5a8200) [0119.414] free (_Block=0x5ac540) [0119.414] free (_Block=0x5ac560) [0119.415] free (_Block=0x5a82c0) [0119.415] CoUninitialize () [0119.415] DllCanUnloadNow () returned 0x0 [0119.462] free (_Block=0x5ae120) [0119.462] ??3@YAXPEAX@Z () returned 0x32005b002e0001 [0119.462] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.463] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.463] ??3@YAXPEAX@Z () returned 0x1434c401 [0119.464] free (_Block=0x5a9ff0) [0119.562] exit (_Code=0) [0119.563] free (_Block=0x5a8600) [0119.563] free (_Block=0x5a7bf0) [0119.563] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0119.564] free (_Block=0x5a6ca0) [0119.564] free (_Block=0x5a63e0) [0119.564] free (_Block=0x5a7bb0) [0119.564] free (_Block=0x5a7b70) [0119.565] free (_Block=0x5a7b20) [0119.565] free (_Block=0x5a7ae0) [0119.565] free (_Block=0x5acbf0) [0119.565] free (_Block=0x5a5ae0) [0119.566] free (_Block=0x5a7a60) [0119.566] free (_Block=0x1bdf90) [0119.566] free (_Block=0x5acc30) [0119.566] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0119.566] free (_Block=0x5ac960) Thread: id = 10 os_tid = 0xdf4 Thread: id = 11 os_tid = 0xdf8 Thread: id = 12 os_tid = 0xdfc Thread: id = 13 os_tid = 0xe00 Thread: id = 14 os_tid = 0xe04 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x71b4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000da1c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1264 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1265 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1266 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1267 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1268 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1269 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1270 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1271 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1272 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1273 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1274 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1275 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1276 start_va = 0x290000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1277 start_va = 0x350000 end_va = 0x35afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1278 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1279 start_va = 0x370000 end_va = 0x373fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1280 start_va = 0x380000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1281 start_va = 0x480000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1282 start_va = 0x610000 end_va = 0x619fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1283 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1284 start_va = 0x630000 end_va = 0x631fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 1285 start_va = 0x640000 end_va = 0x643fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1286 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1287 start_va = 0x660000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1288 start_va = 0x7f0000 end_va = 0x7f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1289 start_va = 0x800000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000019.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000019.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000019.db") Region: id = 1290 start_va = 0x830000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1291 start_va = 0x8b0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 1292 start_va = 0x930000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1293 start_va = 0x9b0000 end_va = 0x9b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1294 start_va = 0x9c0000 end_va = 0x9cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1295 start_va = 0x9d0000 end_va = 0x9d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1296 start_va = 0x9e0000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1297 start_va = 0x9f0000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 1298 start_va = 0xa70000 end_va = 0xa8bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1299 start_va = 0xa90000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1300 start_va = 0xaa0000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 1301 start_va = 0xab0000 end_va = 0xab0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1302 start_va = 0xac0000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1303 start_va = 0xb40000 end_va = 0xb40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1304 start_va = 0xb50000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 1305 start_va = 0xb60000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 1306 start_va = 0xbe0000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 1307 start_va = 0xc60000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1308 start_va = 0xc70000 end_va = 0xf3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1309 start_va = 0xf40000 end_va = 0xf59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 1310 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1311 start_va = 0xfe0000 end_va = 0xfe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1312 start_va = 0xff0000 end_va = 0xff0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 1313 start_va = 0x1000000 end_va = 0x1007fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1314 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1315 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1316 start_va = 0x1110000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 1317 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1318 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 1319 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1320 start_va = 0x1150000 end_va = 0x1150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1321 start_va = 0x1160000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 1322 start_va = 0x11e0000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1323 start_va = 0x12a0000 end_va = 0x12a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1324 start_va = 0x12b0000 end_va = 0x12b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 1325 start_va = 0x12c0000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1326 start_va = 0x1340000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1327 start_va = 0x13c0000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 1328 start_va = 0x1440000 end_va = 0x14a5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1329 start_va = 0x14b0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 1330 start_va = 0x14c0000 end_va = 0x14c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 1331 start_va = 0x14d0000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 1332 start_va = 0x14e0000 end_va = 0x14effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 1333 start_va = 0x14f0000 end_va = 0x14fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1334 start_va = 0x1500000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1335 start_va = 0x1580000 end_va = 0x158ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001580000" filename = "" Region: id = 1336 start_va = 0x1590000 end_va = 0x159ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001590000" filename = "" Region: id = 1337 start_va = 0x15a0000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015a0000" filename = "" Region: id = 1338 start_va = 0x15b0000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015b0000" filename = "" Region: id = 1339 start_va = 0x15c0000 end_va = 0x15cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 1340 start_va = 0x15d0000 end_va = 0x15dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015d0000" filename = "" Region: id = 1341 start_va = 0x15e0000 end_va = 0x15effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015e0000" filename = "" Region: id = 1342 start_va = 0x15f0000 end_va = 0x166ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 1343 start_va = 0x1670000 end_va = 0x167ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1344 start_va = 0x1680000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 1345 start_va = 0x1690000 end_va = 0x1697fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 1346 start_va = 0x16a0000 end_va = 0x171ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 1347 start_va = 0x1720000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 1348 start_va = 0x1730000 end_va = 0x173ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 1349 start_va = 0x1740000 end_va = 0x1747fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 1350 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1351 start_va = 0x17d0000 end_va = 0x17dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017d0000" filename = "" Region: id = 1352 start_va = 0x17e0000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017e0000" filename = "" Region: id = 1353 start_va = 0x17f0000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000017f0000" filename = "" Region: id = 1354 start_va = 0x1800000 end_va = 0x180ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001800000" filename = "" Region: id = 1355 start_va = 0x1810000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001810000" filename = "" Region: id = 1356 start_va = 0x1820000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001820000" filename = "" Region: id = 1357 start_va = 0x1830000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 1358 start_va = 0x1840000 end_va = 0x1840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1359 start_va = 0x1850000 end_va = 0x1852fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1360 start_va = 0x1860000 end_va = 0x18dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 1361 start_va = 0x18e0000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1362 start_va = 0x1900000 end_va = 0x190ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1363 start_va = 0x1910000 end_va = 0x1910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001910000" filename = "" Region: id = 1364 start_va = 0x1930000 end_va = 0x19affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 1365 start_va = 0x19b0000 end_va = 0x19bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1366 start_va = 0x19d0000 end_va = 0x1a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 1367 start_va = 0x1a60000 end_va = 0x1adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 1368 start_va = 0x1ae0000 end_va = 0x1bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 1369 start_va = 0x1be0000 end_va = 0x1cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 1370 start_va = 0x1d10000 end_va = 0x1d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 1371 start_va = 0x1db0000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 1372 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 1373 start_va = 0x1f00000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 1374 start_va = 0x1f80000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1375 start_va = 0x2010000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 1376 start_va = 0x2030000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 1377 start_va = 0x20e0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 1378 start_va = 0x2170000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002170000" filename = "" Region: id = 1379 start_va = 0x22d0000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1380 start_va = 0x2350000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1381 start_va = 0x24b0000 end_va = 0x252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 1382 start_va = 0x25a0000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 1383 start_va = 0x2620000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 1384 start_va = 0x26a0000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1385 start_va = 0x2720000 end_va = 0x272ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 1386 start_va = 0x2730000 end_va = 0x282ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1387 start_va = 0x2860000 end_va = 0x28dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 1388 start_va = 0x28e0000 end_va = 0x295ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1389 start_va = 0x2960000 end_va = 0x29dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 1390 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 1391 start_va = 0x2a90000 end_va = 0x2b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 1392 start_va = 0x2b50000 end_va = 0x2bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1393 start_va = 0x2bf0000 end_va = 0x2c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 1394 start_va = 0x2ca0000 end_va = 0x2d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 1395 start_va = 0x2db0000 end_va = 0x2e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 1396 start_va = 0x2e40000 end_va = 0x2ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 1397 start_va = 0x2ec0000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ec0000" filename = "" Region: id = 1398 start_va = 0x2f00000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f00000" filename = "" Region: id = 1399 start_va = 0x2f40000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1400 start_va = 0x2fc0000 end_va = 0x30bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 1401 start_va = 0x30c0000 end_va = 0x32bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 1402 start_va = 0x3320000 end_va = 0x339ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 1403 start_va = 0x33d0000 end_va = 0x34cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 1404 start_va = 0x34d0000 end_va = 0x354ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 1405 start_va = 0x3590000 end_va = 0x360ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 1406 start_va = 0x3650000 end_va = 0x36cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 1407 start_va = 0x3710000 end_va = 0x378ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003710000" filename = "" Region: id = 1408 start_va = 0x3850000 end_va = 0x38cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 1409 start_va = 0x38d0000 end_va = 0x394ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038d0000" filename = "" Region: id = 1410 start_va = 0x39d0000 end_va = 0x3dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039d0000" filename = "" Region: id = 1411 start_va = 0x3dd0000 end_va = 0x3e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dd0000" filename = "" Region: id = 1412 start_va = 0x3ea0000 end_va = 0x3f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1413 start_va = 0x3f70000 end_va = 0x3feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f70000" filename = "" Region: id = 1414 start_va = 0x4000000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1415 start_va = 0x40b0000 end_va = 0x412ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 1416 start_va = 0x4130000 end_va = 0x432ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 1417 start_va = 0x4330000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 1418 start_va = 0x4730000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 1419 start_va = 0x4f30000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 1420 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1421 start_va = 0x5080000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1422 start_va = 0x5180000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1423 start_va = 0x5280000 end_va = 0x537ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005280000" filename = "" Region: id = 1424 start_va = 0x5380000 end_va = 0x547ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 1425 start_va = 0x5480000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005480000" filename = "" Region: id = 1426 start_va = 0x6540000 end_va = 0x65bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006540000" filename = "" Region: id = 1427 start_va = 0x65d0000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065d0000" filename = "" Region: id = 1428 start_va = 0x6750000 end_va = 0x67cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006750000" filename = "" Region: id = 1429 start_va = 0x6890000 end_va = 0x690ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006890000" filename = "" Region: id = 1430 start_va = 0x6910000 end_va = 0x6d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006910000" filename = "" Region: id = 1431 start_va = 0x6d70000 end_va = 0x6deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d70000" filename = "" Region: id = 1432 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1433 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1434 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1435 start_va = 0x77a50000 end_va = 0x77a56fff monitored = 0 entry_point = 0x77a5106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1436 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1437 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1438 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1439 start_va = 0xff950000 end_va = 0xff95afff monitored = 0 entry_point = 0xff95246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1440 start_va = 0x7fef3570000 end_va = 0x7fef37c2fff monitored = 0 entry_point = 0x7fef357236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1441 start_va = 0x7fef3950000 end_va = 0x7fef396afff monitored = 0 entry_point = 0x7fef3951198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1442 start_va = 0x7fef3f70000 end_va = 0x7fef4143fff monitored = 0 entry_point = 0x7fef3fa6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1443 start_va = 0x7fef4720000 end_va = 0x7fef4764fff monitored = 0 entry_point = 0x7fef4753644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1444 start_va = 0x7fef4770000 end_va = 0x7fef4781fff monitored = 0 entry_point = 0x7fef47790bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1445 start_va = 0x7fef47d0000 end_va = 0x7fef47d9fff monitored = 0 entry_point = 0x7fef47d3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1446 start_va = 0x7fef4830000 end_va = 0x7fef483efff monitored = 0 entry_point = 0x7fef4839a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1447 start_va = 0x7fef4970000 end_va = 0x7fef498cfff monitored = 0 entry_point = 0x7fef4972f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1448 start_va = 0x7fef4aa0000 end_va = 0x7fef4ab4fff monitored = 0 entry_point = 0x7fef4aa1020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1449 start_va = 0x7fef4be0000 end_va = 0x7fef4cb1fff monitored = 0 entry_point = 0x7fef4c71a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1450 start_va = 0x7fef4d90000 end_va = 0x7fef4da6fff monitored = 0 entry_point = 0x7fef4d99d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1451 start_va = 0x7fef50a0000 end_va = 0x7fef50e1fff monitored = 0 entry_point = 0x7fef50d0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1452 start_va = 0x7fef50f0000 end_va = 0x7fef5109fff monitored = 0 entry_point = 0x7fef5101ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1453 start_va = 0x7fef5130000 end_va = 0x7fef513efff monitored = 0 entry_point = 0x7fef5136894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1454 start_va = 0x7fef6550000 end_va = 0x7fef65b1fff monitored = 0 entry_point = 0x7fef6551198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1455 start_va = 0x7fef65c0000 end_va = 0x7fef65f9fff monitored = 0 entry_point = 0x7fef65c1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1456 start_va = 0x7fef6c10000 end_va = 0x7fef6c2bfff monitored = 0 entry_point = 0x7fef6c111a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1457 start_va = 0x7fef6cb0000 end_va = 0x7fef6f29fff monitored = 0 entry_point = 0x7fef6ce2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1458 start_va = 0x7fef7650000 end_va = 0x7fef773dfff monitored = 0 entry_point = 0x7fef76512a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1459 start_va = 0x7fef93f0000 end_va = 0x7fef946bfff monitored = 0 entry_point = 0x7fef93f11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1460 start_va = 0x7fef9580000 end_va = 0x7fef958bfff monitored = 0 entry_point = 0x7fef958602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1461 start_va = 0x7fef9590000 end_va = 0x7fef9603fff monitored = 0 entry_point = 0x7fef95966f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1462 start_va = 0x7fef9610000 end_va = 0x7fef9680fff monitored = 0 entry_point = 0x7fef96551d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1463 start_va = 0x7fef9690000 end_va = 0x7fef96a1fff monitored = 0 entry_point = 0x7fef96989d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1464 start_va = 0x7fef96b0000 end_va = 0x7fef9764fff monitored = 0 entry_point = 0x7fef972cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1465 start_va = 0x7fef9770000 end_va = 0x7fef97c9fff monitored = 0 entry_point = 0x7fef97adde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1466 start_va = 0x7fef97d0000 end_va = 0x7fef97f0fff monitored = 0 entry_point = 0x7fef97e03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1467 start_va = 0x7fef9800000 end_va = 0x7fef986afff monitored = 0 entry_point = 0x7fef9844344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1468 start_va = 0x7fef9870000 end_va = 0x7fef9888fff monitored = 0 entry_point = 0x7fef9871104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1469 start_va = 0x7fef9890000 end_va = 0x7fef98dffff monitored = 0 entry_point = 0x7fef9891190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1470 start_va = 0x7fef98e0000 end_va = 0x7fef98e7fff monitored = 0 entry_point = 0x7fef98e1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1471 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1472 start_va = 0x7fef9910000 end_va = 0x7fef9971fff monitored = 0 entry_point = 0x7fef994bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1473 start_va = 0x7fef9980000 end_va = 0x7fef9aabfff monitored = 0 entry_point = 0x7fef9a30ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1474 start_va = 0x7fef9ab0000 end_va = 0x7fef9ac9fff monitored = 0 entry_point = 0x7fef9ac3fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1475 start_va = 0x7fef9ad0000 end_va = 0x7fef9b53fff monitored = 0 entry_point = 0x7fef9b21118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1476 start_va = 0x7fef9b60000 end_va = 0x7fef9b84fff monitored = 0 entry_point = 0x7fef9b78c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1477 start_va = 0x7fef9b90000 end_va = 0x7fef9bccfff monitored = 0 entry_point = 0x7fef9b91070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1478 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1479 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1480 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1481 start_va = 0x7fef9d30000 end_va = 0x7fef9d76fff monitored = 0 entry_point = 0x7fef9d31040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1482 start_va = 0x7fef9d80000 end_va = 0x7fef9dc1fff monitored = 0 entry_point = 0x7fef9d817e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1483 start_va = 0x7fef9dd0000 end_va = 0x7fef9e61fff monitored = 0 entry_point = 0x7fef9e451ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1484 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 0 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1485 start_va = 0x7fef9ef0000 end_va = 0x7fef9f29fff monitored = 0 entry_point = 0x7fef9f0d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1486 start_va = 0x7fefa1e0000 end_va = 0x7fefa1f0fff monitored = 0 entry_point = 0x7fefa1e9e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1487 start_va = 0x7fefa220000 end_va = 0x7fefa283fff monitored = 0 entry_point = 0x7fefa221254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1488 start_va = 0x7fefa290000 end_va = 0x7fefa300fff monitored = 0 entry_point = 0x7fefa291010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1489 start_va = 0x7fefa3d0000 end_va = 0x7fefa3e6fff monitored = 0 entry_point = 0x7fefa3d1060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1490 start_va = 0x7fefa3f0000 end_va = 0x7fefa59ffff monitored = 0 entry_point = 0x7fefa3f1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1491 start_va = 0x7fefa770000 end_va = 0x7fefa777fff monitored = 0 entry_point = 0x7fefa771414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1492 start_va = 0x7fefa7a0000 end_va = 0x7fefa7a8fff monitored = 0 entry_point = 0x7fefa7a11a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1493 start_va = 0x7fefa9b0000 end_va = 0x7fefaa26fff monitored = 0 entry_point = 0x7fefa9bafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1494 start_va = 0x7fefaa30000 end_va = 0x7fefaa39fff monitored = 0 entry_point = 0x7fefaa3260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1495 start_va = 0x7fefaa40000 end_va = 0x7fefab51fff monitored = 0 entry_point = 0x7fefaa5f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1496 start_va = 0x7fefab60000 end_va = 0x7fefab6efff monitored = 0 entry_point = 0x7fefab67e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1497 start_va = 0x7fefab70000 end_va = 0x7fefab78fff monitored = 0 entry_point = 0x7fefab73668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1498 start_va = 0x7fefab80000 end_va = 0x7fefab88fff monitored = 0 entry_point = 0x7fefab81020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1499 start_va = 0x7fefab90000 end_va = 0x7fefabe5fff monitored = 0 entry_point = 0x7fefab91040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1500 start_va = 0x7fefabf0000 end_va = 0x7fefac4dfff monitored = 0 entry_point = 0x7fefabf9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1501 start_va = 0x7fefac50000 end_va = 0x7fefac67fff monitored = 0 entry_point = 0x7fefac51bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1502 start_va = 0x7fefac70000 end_va = 0x7fefac80fff monitored = 0 entry_point = 0x7fefac716ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1503 start_va = 0x7fefaca0000 end_va = 0x7fefacf2fff monitored = 0 entry_point = 0x7fefaca2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1504 start_va = 0x7fefb290000 end_va = 0x7fefb2a3fff monitored = 0 entry_point = 0x7fefb293e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1505 start_va = 0x7fefb2b0000 end_va = 0x7fefb2bafff monitored = 0 entry_point = 0x7fefb2b1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1506 start_va = 0x7fefb2c0000 end_va = 0x7fefb2e6fff monitored = 0 entry_point = 0x7fefb2c98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1507 start_va = 0x7fefb2f0000 end_va = 0x7fefb356fff monitored = 0 entry_point = 0x7fefb306060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1508 start_va = 0x7fefb370000 end_va = 0x7fefb37afff monitored = 0 entry_point = 0x7fefb374f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1509 start_va = 0x7fefb380000 end_va = 0x7fefb38bfff monitored = 0 entry_point = 0x7fefb3815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1510 start_va = 0x7fefb390000 end_va = 0x7fefb39ffff monitored = 0 entry_point = 0x7fefb39835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1511 start_va = 0x7fefb3a0000 end_va = 0x7fefb3b8fff monitored = 0 entry_point = 0x7fefb3a11a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1512 start_va = 0x7fefb3c0000 end_va = 0x7fefb3f6fff monitored = 0 entry_point = 0x7fefb3c8424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1513 start_va = 0x7fefb440000 end_va = 0x7fefb454fff monitored = 0 entry_point = 0x7fefb4460d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1514 start_va = 0x7fefb460000 end_va = 0x7fefb521fff monitored = 0 entry_point = 0x7fefb46101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1515 start_va = 0x7fefb760000 end_va = 0x7fefb768fff monitored = 0 entry_point = 0x7fefb761010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1516 start_va = 0x7fefb850000 end_va = 0x7fefb87cfff monitored = 0 entry_point = 0x7fefb851010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1517 start_va = 0x7fefb880000 end_va = 0x7fefb890fff monitored = 0 entry_point = 0x7fefb8814c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1518 start_va = 0x7fefb8e0000 end_va = 0x7fefb950fff monitored = 0 entry_point = 0x7fefb91ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1519 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e3fff monitored = 0 entry_point = 0x7fefb9d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1520 start_va = 0x7fefb9f0000 end_va = 0x7fefba04fff monitored = 0 entry_point = 0x7fefb9f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1521 start_va = 0x7fefba10000 end_va = 0x7fefba1bfff monitored = 0 entry_point = 0x7fefba118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1522 start_va = 0x7fefba20000 end_va = 0x7fefba35fff monitored = 0 entry_point = 0x7fefba211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1523 start_va = 0x7fefbb50000 end_va = 0x7fefbb60fff monitored = 0 entry_point = 0x7fefbb51070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1524 start_va = 0x7fefbcb0000 end_va = 0x7fefbce4fff monitored = 0 entry_point = 0x7fefbcb1064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1525 start_va = 0x7fefc120000 end_va = 0x7fefc175fff monitored = 0 entry_point = 0x7fefc12bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1526 start_va = 0x7fefc180000 end_va = 0x7fefc2abfff monitored = 0 entry_point = 0x7fefc1894bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1527 start_va = 0x7fefc2b0000 end_va = 0x7fefc2ccfff monitored = 0 entry_point = 0x7fefc2b1ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1528 start_va = 0x7fefc300000 end_va = 0x7fefc4f3fff monitored = 0 entry_point = 0x7fefc48c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1529 start_va = 0x7fefc990000 end_va = 0x7fefc99bfff monitored = 0 entry_point = 0x7fefc991064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1530 start_va = 0x7fefc9a0000 end_va = 0x7fefca5afff monitored = 0 entry_point = 0x7fefc9a6de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1531 start_va = 0x7fefca60000 end_va = 0x7fefca66fff monitored = 0 entry_point = 0x7fefca614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1532 start_va = 0x7fefcb50000 end_va = 0x7fefcb6afff monitored = 0 entry_point = 0x7fefcb52068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1533 start_va = 0x7fefcb70000 end_va = 0x7fefcb8dfff monitored = 0 entry_point = 0x7fefcb713b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1534 start_va = 0x7fefcb90000 end_va = 0x7fefcba1fff monitored = 0 entry_point = 0x7fefcb91060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1535 start_va = 0x7fefcbb0000 end_va = 0x7fefcbcefff monitored = 0 entry_point = 0x7fefcbb5c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1536 start_va = 0x7fefcc80000 end_va = 0x7fefccb8fff monitored = 0 entry_point = 0x7fefcc8c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1537 start_va = 0x7fefccc0000 end_va = 0x7fefccc9fff monitored = 0 entry_point = 0x7fefccc3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1538 start_va = 0x7fefccd0000 end_va = 0x7fefccdcfff monitored = 0 entry_point = 0x7fefccd1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1539 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1540 start_va = 0x7fefceb0000 end_va = 0x7fefcedffff monitored = 0 entry_point = 0x7fefceb194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1541 start_va = 0x7fefcee0000 end_va = 0x7fefcf3afff monitored = 0 entry_point = 0x7fefcee6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1542 start_va = 0x7fefd050000 end_va = 0x7fefd056fff monitored = 0 entry_point = 0x7fefd05142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1543 start_va = 0x7fefd060000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd061054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1544 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1545 start_va = 0x7fefd1d0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1d144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1546 start_va = 0x7fefd210000 end_va = 0x7fefd217fff monitored = 0 entry_point = 0x7fefd212a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1547 start_va = 0x7fefd220000 end_va = 0x7fefd229fff monitored = 0 entry_point = 0x7fefd223b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1548 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1549 start_va = 0x7fefd2b0000 end_va = 0x7fefd2defff monitored = 0 entry_point = 0x7fefd2b1064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1550 start_va = 0x7fefd2f0000 end_va = 0x7fefd35cfff monitored = 0 entry_point = 0x7fefd2f1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1551 start_va = 0x7fefd360000 end_va = 0x7fefd373fff monitored = 0 entry_point = 0x7fefd364160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1552 start_va = 0x7fefd5c0000 end_va = 0x7fefd5e2fff monitored = 0 entry_point = 0x7fefd5c1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1553 start_va = 0x7fefd660000 end_va = 0x7fefd66afff monitored = 0 entry_point = 0x7fefd661030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1554 start_va = 0x7fefd690000 end_va = 0x7fefd6b4fff monitored = 0 entry_point = 0x7fefd699658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1555 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1556 start_va = 0x7fefd6d0000 end_va = 0x7fefd760fff monitored = 0 entry_point = 0x7fefd6d1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1557 start_va = 0x7fefd770000 end_va = 0x7fefd7acfff monitored = 0 entry_point = 0x7fefd7718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1558 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1559 start_va = 0x7fefd7d0000 end_va = 0x7fefd7defff monitored = 0 entry_point = 0x7fefd7d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1560 start_va = 0x7fefd870000 end_va = 0x7fefd87efff monitored = 0 entry_point = 0x7fefd871020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1561 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1562 start_va = 0x7fefd990000 end_va = 0x7fefd9a9fff monitored = 0 entry_point = 0x7fefd991558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1563 start_va = 0x7fefd9b0000 end_va = 0x7fefd9e5fff monitored = 0 entry_point = 0x7fefd9b1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1564 start_va = 0x7fefd9f0000 end_va = 0x7fefda2afff monitored = 0 entry_point = 0x7fefd9f1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1565 start_va = 0x7fefda30000 end_va = 0x7fefdb9cfff monitored = 0 entry_point = 0x7fefda310b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1566 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1567 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1568 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1569 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1570 start_va = 0x7fefe1f0000 end_va = 0x7fefef77fff monitored = 0 entry_point = 0x7fefe26cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1571 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1572 start_va = 0x7fefef90000 end_va = 0x7feff166fff monitored = 0 entry_point = 0x7fefef91010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1573 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1574 start_va = 0x7feff4e0000 end_va = 0x7feff531fff monitored = 0 entry_point = 0x7feff4e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1575 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1576 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1577 start_va = 0x7feff630000 end_va = 0x7feff6a0fff monitored = 0 entry_point = 0x7feff641e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1578 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1579 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1580 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1581 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1582 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1583 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1584 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1585 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 1586 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1587 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1588 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1589 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 1590 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1591 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1592 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 1593 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1594 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1595 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1596 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1597 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1598 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 1599 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1600 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1601 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1602 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1603 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1604 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1605 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1606 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1607 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1608 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1609 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1610 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1611 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1612 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1613 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1614 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1615 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1616 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1617 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1618 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1619 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1620 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1621 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1622 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1623 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1624 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1625 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1626 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1627 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1628 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1629 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1630 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1631 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1632 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2675 start_va = 0x32c0000 end_va = 0x333ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2681 start_va = 0x23c0000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 2682 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Thread: id = 15 os_tid = 0xdd8 Thread: id = 16 os_tid = 0xdd0 Thread: id = 17 os_tid = 0xdcc Thread: id = 18 os_tid = 0xdc8 Thread: id = 19 os_tid = 0xdc4 Thread: id = 20 os_tid = 0xd18 Thread: id = 21 os_tid = 0xd14 Thread: id = 22 os_tid = 0x518 Thread: id = 23 os_tid = 0x644 Thread: id = 24 os_tid = 0x35c Thread: id = 25 os_tid = 0x260 Thread: id = 26 os_tid = 0x6d8 Thread: id = 27 os_tid = 0x358 Thread: id = 28 os_tid = 0x628 Thread: id = 29 os_tid = 0x24c Thread: id = 30 os_tid = 0x7a8 Thread: id = 31 os_tid = 0x7c4 Thread: id = 32 os_tid = 0x118 Thread: id = 33 os_tid = 0x750 Thread: id = 34 os_tid = 0x770 Thread: id = 35 os_tid = 0x58c Thread: id = 36 os_tid = 0x354 Thread: id = 37 os_tid = 0x314 Thread: id = 38 os_tid = 0x7c0 Thread: id = 39 os_tid = 0x6cc Thread: id = 40 os_tid = 0x6a8 Thread: id = 41 os_tid = 0x658 Thread: id = 42 os_tid = 0x634 Thread: id = 43 os_tid = 0x624 Thread: id = 44 os_tid = 0x5f8 Thread: id = 45 os_tid = 0x5e8 Thread: id = 46 os_tid = 0x460 Thread: id = 47 os_tid = 0x45c Thread: id = 48 os_tid = 0x150 Thread: id = 49 os_tid = 0x144 Thread: id = 50 os_tid = 0x458 Thread: id = 51 os_tid = 0x454 Thread: id = 52 os_tid = 0x44c Thread: id = 53 os_tid = 0x1cc Thread: id = 54 os_tid = 0x3f8 Thread: id = 55 os_tid = 0x3f0 Thread: id = 56 os_tid = 0x3e4 Thread: id = 57 os_tid = 0x388 Thread: id = 58 os_tid = 0x384 Thread: id = 59 os_tid = 0x378 Thread: id = 60 os_tid = 0x370 Thread: id = 88 os_tid = 0xe6c Thread: id = 89 os_tid = 0xe70 Thread: id = 113 os_tid = 0xe74 Thread: id = 114 os_tid = 0xe78 Thread: id = 119 os_tid = 0xecc Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4de95000" os_pid = "0xa78" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00075e1c" [0xc000000f] Region: id = 1637 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1638 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1639 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1640 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1641 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1642 start_va = 0xc0000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1643 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1644 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1645 start_va = 0x1a0000 end_va = 0x1a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1646 start_va = 0x1b0000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1647 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1648 start_va = 0x330000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 1649 start_va = 0x430000 end_va = 0x5b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1650 start_va = 0x5c0000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1651 start_va = 0x750000 end_va = 0xa1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1652 start_va = 0xa20000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 1653 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1654 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1655 start_va = 0xa50000 end_va = 0xa5cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1656 start_va = 0xa60000 end_va = 0xa61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 1657 start_va = 0xa80000 end_va = 0xa82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1658 start_va = 0xa90000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1659 start_va = 0xb30000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 1660 start_va = 0xbc0000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1661 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1662 start_va = 0xda0000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 1663 start_va = 0xe30000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 1664 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1665 start_va = 0xff0000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1666 start_va = 0x1070000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1667 start_va = 0x72d50000 end_va = 0x72d52fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1668 start_va = 0x72d60000 end_va = 0x72d62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1669 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1670 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1671 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1672 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1673 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1674 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1675 start_va = 0x13f480000 end_va = 0x13f4ebfff monitored = 0 entry_point = 0x13f4bb450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1676 start_va = 0x7fef2280000 end_va = 0x7fef2289fff monitored = 0 entry_point = 0x7fef22831c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1677 start_va = 0x7fef2290000 end_va = 0x7fef22a1fff monitored = 0 entry_point = 0x7fef229aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1678 start_va = 0x7fef22b0000 end_va = 0x7fef24a9fff monitored = 1 entry_point = 0x7fef22c4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1679 start_va = 0x7fef4dc0000 end_va = 0x7fef4e02fff monitored = 0 entry_point = 0x7fef4de1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1680 start_va = 0x7fef7270000 end_va = 0x7fef729bfff monitored = 0 entry_point = 0x7fef7288194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 1681 start_va = 0x7fef9690000 end_va = 0x7fef96a1fff monitored = 0 entry_point = 0x7fef96989d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1682 start_va = 0x7fef97d0000 end_va = 0x7fef97f0fff monitored = 0 entry_point = 0x7fef97e03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1683 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1684 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1685 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1686 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1687 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 1 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1688 start_va = 0x7fefb130000 end_va = 0x7fefb13efff monitored = 0 entry_point = 0x7fefb131040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1689 start_va = 0x7fefb380000 end_va = 0x7fefb38bfff monitored = 0 entry_point = 0x7fefb3815d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1690 start_va = 0x7fefb770000 end_va = 0x7fefb79bfff monitored = 0 entry_point = 0x7fefb7715c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1691 start_va = 0x7fefb850000 end_va = 0x7fefb87cfff monitored = 0 entry_point = 0x7fefb851010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1692 start_va = 0x7fefb8b0000 end_va = 0x7fefb8b7fff monitored = 0 entry_point = 0x7fefb8b11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1693 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e3fff monitored = 0 entry_point = 0x7fefb9d16b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1694 start_va = 0x7fefb9f0000 end_va = 0x7fefba04fff monitored = 0 entry_point = 0x7fefb9f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1695 start_va = 0x7fefba10000 end_va = 0x7fefba1bfff monitored = 0 entry_point = 0x7fefba118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1696 start_va = 0x7fefba20000 end_va = 0x7fefba35fff monitored = 0 entry_point = 0x7fefba211a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1697 start_va = 0x7fefbb50000 end_va = 0x7fefbb60fff monitored = 0 entry_point = 0x7fefbb51070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1698 start_va = 0x7fefccc0000 end_va = 0x7fefccc9fff monitored = 0 entry_point = 0x7fefccc3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1699 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1700 start_va = 0x7fefce50000 end_va = 0x7fefcea6fff monitored = 0 entry_point = 0x7fefce55e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1701 start_va = 0x7fefceb0000 end_va = 0x7fefcedffff monitored = 0 entry_point = 0x7fefceb194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1702 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1703 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1704 start_va = 0x7fefd5c0000 end_va = 0x7fefd5e2fff monitored = 0 entry_point = 0x7fefd5c1198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1705 start_va = 0x7fefd660000 end_va = 0x7fefd66afff monitored = 0 entry_point = 0x7fefd661030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1706 start_va = 0x7fefd690000 end_va = 0x7fefd6b4fff monitored = 0 entry_point = 0x7fefd699658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1707 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1708 start_va = 0x7fefd770000 end_va = 0x7fefd7acfff monitored = 0 entry_point = 0x7fefd7718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1709 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1710 start_va = 0x7fefd870000 end_va = 0x7fefd87efff monitored = 0 entry_point = 0x7fefd871020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1711 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1712 start_va = 0x7fefd990000 end_va = 0x7fefd9a9fff monitored = 0 entry_point = 0x7fefd991558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1713 start_va = 0x7fefd9b0000 end_va = 0x7fefd9e5fff monitored = 0 entry_point = 0x7fefd9b1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1714 start_va = 0x7fefd9f0000 end_va = 0x7fefda2afff monitored = 0 entry_point = 0x7fefd9f1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1715 start_va = 0x7fefda30000 end_va = 0x7fefdb9cfff monitored = 0 entry_point = 0x7fefda310b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1716 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1717 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1718 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1719 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1720 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1721 start_va = 0x7fefef90000 end_va = 0x7feff166fff monitored = 0 entry_point = 0x7fefef91010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1722 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1723 start_va = 0x7feff4e0000 end_va = 0x7feff531fff monitored = 0 entry_point = 0x7feff4e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1724 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1725 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1726 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1727 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1728 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1729 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1730 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1731 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1732 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1733 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1734 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1735 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1736 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1737 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1738 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1739 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1740 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1741 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1742 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1743 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2096 start_va = 0xfb0000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2680 start_va = 0x11e0000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Thread: id = 61 os_tid = 0xab4 Thread: id = 62 os_tid = 0xa54 Thread: id = 63 os_tid = 0xa28 [0152.067] DllCanUnloadNow () returned 0x1 [0272.863] DllCanUnloadNow () returned 0x1 Thread: id = 64 os_tid = 0xa2c Thread: id = 65 os_tid = 0xa30 [0118.359] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0118.389] SetLastError (dwErrCode=0x0) [0118.389] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae3e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae2f0 | out: pulNumLanguages=0xeae3e8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae2f0) returned 1 [0118.390] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x8) returned 0x36da30 [0118.390] SetLastError (dwErrCode=0x0) [0118.390] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae3e8, pwszLanguagesBuffer=0x36da30, pcchLanguagesBuffer=0xeae2f0 | out: pulNumLanguages=0xeae3e8, pwszLanguagesBuffer=0x36da30, pcchLanguagesBuffer=0xeae2f0) returned 1 [0118.390] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x8) returned 0x36da90 [0118.390] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x36da30 | out: hHeap=0x330000) returned 1 [0118.390] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x20) returned 0x397000 [0118.390] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x397000, pulNumLanguages=0xeae3e8 | out: pulNumLanguages=0xeae3e8) returned 1 [0118.398] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x397000 | out: hHeap=0x330000) returned 1 [0118.421] SafeArrayGetElemsize (psa=0x3dcbf0) returned 0x8 [0118.421] SafeArrayPutElement (psa=0x3dcbf0, rgIndices=0xeadc20, pv=0x3d2a18) returned 0x0 [0118.421] SafeArrayRedim (in: psa=0x3dcbf0, psaboundNew=0xeadc38 | out: psa=0x3dcbf0) returned 0x0 [0118.421] SafeArrayCopy (in: psa=0x3dcbf0, ppsaOut=0xeadb80 | out: ppsaOut=0xeadb80) returned 0x0 [0118.431] malloc (_Size=0x600) returned 0x269a30 [0118.431] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xeadb3c | out: Buffer=0x0, ReturnedLength=0xeadb3c) returned 0 [0118.431] GetLastError () returned 0x7a [0118.431] malloc (_Size=0x250) returned 0x26a040 [0118.431] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x26a040, ReturnedLength=0xeadb3c | out: Buffer=0x26a040, ReturnedLength=0xeadb3c) returned 1 [0118.432] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0118.432] GetMaximumProcessorGroupCount () returned 0x1 [0118.432] malloc (_Size=0x40) returned 0x25d900 [0118.432] malloc (_Size=0x40) returned 0x25d950 [0118.432] malloc (_Size=0x8) returned 0x263890 [0118.440] memcpy (in: _Dst=0x25d900, _Src=0x26a060, _Size=0x10 | out: _Dst=0x25d900) returned 0x25d900 [0118.440] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0118.440] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xeadb34, InputBufferLength=0x2, OutputBuffer=0x269a30, OutputBufferLength=0x60 | out: OutputBuffer=0x269a30) returned 0x0 [0118.441] _vsnwprintf (in: _Buffer=0xead9d0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xead2c8 | out: _Buffer="CPU0") returned 4 [0118.442] GetCurrentThread () returned 0xfffffffffffffffe [0118.442] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xead1a0, PreviousGroupAffinity=0xead1b0 | out: PreviousGroupAffinity=0xead1b0) returned 1 [0118.442] GetSystemInfo (in: lpSystemInfo=0xead360 | out: lpSystemInfo=0xead360*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x6a06)) [0118.443] mbstowcs (in: _Dest=0xead5e8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0118.443] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0118.448] mbstowcs (in: _Dest=0xead458, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0118.448] GetCurrentThread () returned 0xfffffffffffffffe [0118.448] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xead1b0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0118.460] LoadStringW (in: hInstance=0x7fef22b0000, uID=0x2c, lpBuffer=0xead020, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0118.477] _vsnwprintf (in: _Buffer=0xead900, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0xead2c8 | out: _Buffer="0F8BFBFF000606A6") returned 16 [0118.479] lstrlenW (lpString=" 0") returned 2 [0118.480] lstrlenW (lpString="Intel(R) Xeon(R) Silver 4314 CPU @ 2.40GHz") returned 42 [0118.481] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0118.482] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0118.482] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0118.482] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0118.482] _vsnwprintf (in: _Buffer=0xeadbe0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xeadb08 | out: _Buffer="CPU0") returned 4 [0118.484] free (_Block=0x263890) [0118.485] free (_Block=0x25d950) [0118.485] free (_Block=0x25d900) [0118.485] free (_Block=0x26a040) [0118.486] free (_Block=0x269a30) [0118.527] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x4) returned 0x36da30 [0118.527] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x36da30, pulNumLanguages=0xeae3e0 | out: pulNumLanguages=0xeae3e0) returned 1 [0118.528] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x36da30 | out: hHeap=0x330000) returned 1 [0121.155] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 Thread: id = 66 os_tid = 0xa34 Thread: id = 67 os_tid = 0xa38 Thread: id = 68 os_tid = 0xad8 Thread: id = 69 os_tid = 0xad4 Thread: id = 87 os_tid = 0xe4c Thread: id = 118 os_tid = 0xec0 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x64a7a000" os_pid = "0x224" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000da1c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1893 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1894 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1895 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1896 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1897 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1898 start_va = 0xc0000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1899 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1900 start_va = 0x190000 end_va = 0x194fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1901 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1902 start_va = 0x1b0000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1903 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1904 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 1905 start_va = 0x340000 end_va = 0x340fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1906 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mofd.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\mofd.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\mofd.dll.mui") Region: id = 1907 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1908 start_va = 0x3a0000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1909 start_va = 0x420000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1910 start_va = 0x520000 end_va = 0x6a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1911 start_va = 0x6b0000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1912 start_va = 0x840000 end_va = 0xb0efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1913 start_va = 0xb10000 end_va = 0xb61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 1914 start_va = 0xc60000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 1915 start_va = 0xd50000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 1916 start_va = 0xde0000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 1917 start_va = 0xe60000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 1918 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1919 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1920 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1921 start_va = 0x1180000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1922 start_va = 0x1320000 end_va = 0x151ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 1923 start_va = 0x1520000 end_va = 0x191ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 1924 start_va = 0x1a40000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 1925 start_va = 0x22e0000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1926 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1927 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1928 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1929 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1930 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1931 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1932 start_va = 0x13f480000 end_va = 0x13f4ebfff monitored = 0 entry_point = 0x13f4bb450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1933 start_va = 0x7fef2200000 end_va = 0x7fef224dfff monitored = 0 entry_point = 0x7fef2201198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1934 start_va = 0x7fef2250000 end_va = 0x7fef2274fff monitored = 1 entry_point = 0x7fef2268d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1935 start_va = 0x7fef46a0000 end_va = 0x7fef46dcfff monitored = 0 entry_point = 0x7fef46c6f40 region_type = mapped_file name = "mofd.dll" filename = "\\Windows\\System32\\wbem\\mofd.dll" (normalized: "c:\\windows\\system32\\wbem\\mofd.dll") Region: id = 1936 start_va = 0x7fef4cc0000 end_va = 0x7fef4d45fff monitored = 1 entry_point = 0x7fef4ccffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1937 start_va = 0x7fef4d50000 end_va = 0x7fef4d8bfff monitored = 1 entry_point = 0x7fef4d75aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1938 start_va = 0x7fef9690000 end_va = 0x7fef96a1fff monitored = 0 entry_point = 0x7fef96989d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1939 start_va = 0x7fef97d0000 end_va = 0x7fef97f0fff monitored = 0 entry_point = 0x7fef97e03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1940 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1941 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1942 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1943 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1944 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 1 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1945 start_va = 0x7fefb850000 end_va = 0x7fefb87cfff monitored = 0 entry_point = 0x7fefb851010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1946 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1947 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1948 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1949 start_va = 0x7fefd2f0000 end_va = 0x7fefd35cfff monitored = 0 entry_point = 0x7fefd2f1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1950 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1951 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1952 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1953 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1954 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1955 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1956 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1957 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1958 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1959 start_va = 0x7feff4e0000 end_va = 0x7feff531fff monitored = 0 entry_point = 0x7feff4e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1960 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1961 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1962 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1963 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1964 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1965 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1966 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1967 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1968 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1969 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1970 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1971 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1972 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1973 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1974 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1975 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1976 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1977 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2678 start_va = 0xbd0000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 2679 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2683 start_va = 0x1970000 end_va = 0x19effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Thread: id = 70 os_tid = 0x30c Thread: id = 71 os_tid = 0x3b0 Thread: id = 72 os_tid = 0x2b0 [0160.789] DllCanUnloadNow () returned 0x1 [0160.790] DllCanUnloadNow () returned 0x1 [0281.569] DllCanUnloadNow () returned 0x1 [0281.570] DllCanUnloadNow () returned 0x1 Thread: id = 73 os_tid = 0x664 Thread: id = 74 os_tid = 0x244 Thread: id = 75 os_tid = 0x234 Thread: id = 76 os_tid = 0x31c Thread: id = 77 os_tid = 0x49c Thread: id = 78 os_tid = 0x47c Thread: id = 85 os_tid = 0xe28 Thread: id = 116 os_tid = 0xea8 Process: id = "6" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x436f7000" os_pid = "0xe0c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xd74" cmd_line = "wmic path win32_VideoController get name" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0ba" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1752 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1753 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1754 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1755 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1756 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1757 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1758 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1759 start_va = 0xffc30000 end_va = 0xffcbcfff monitored = 1 entry_point = 0xffc7cc30 region_type = mapped_file name = "wmic.exe" filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe") Region: id = 1760 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1761 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1762 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1763 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1764 start_va = 0x170000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1765 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1766 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1767 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1768 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1769 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1770 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1771 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1772 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1773 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1774 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1775 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1776 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1777 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1778 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1779 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1780 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1781 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1782 start_va = 0x7fef4dc0000 end_va = 0x7fef4e02fff monitored = 0 entry_point = 0x7fef4de1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1783 start_va = 0x7fefd690000 end_va = 0x7fefd6b4fff monitored = 0 entry_point = 0x7fefd699658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1784 start_va = 0x7feff630000 end_va = 0x7feff6a0fff monitored = 0 entry_point = 0x7feff641e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1785 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1786 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1787 start_va = 0x7fefd660000 end_va = 0x7fefd66afff monitored = 0 entry_point = 0x7fefd661030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1788 start_va = 0x7fefb2c0000 end_va = 0x7fefb2e6fff monitored = 0 entry_point = 0x7fefb2c98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1789 start_va = 0x7fefb2b0000 end_va = 0x7fefb2bafff monitored = 0 entry_point = 0x7fefb2b1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1790 start_va = 0x290000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1791 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1792 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1793 start_va = 0x440000 end_va = 0x5c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 1794 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1795 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1796 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1797 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1798 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1799 start_va = 0x760000 end_va = 0x1b5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1800 start_va = 0xc0000 end_va = 0xcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmic.exe.mui" filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui") Region: id = 1801 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1802 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1803 start_va = 0x390000 end_va = 0x40cfff monitored = 0 entry_point = 0x39cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1804 start_va = 0x390000 end_va = 0x40cfff monitored = 0 entry_point = 0x39cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1805 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1806 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1807 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1808 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1809 start_va = 0x190000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1810 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1811 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1812 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1813 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 0 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1814 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1815 start_va = 0x1c50000 end_va = 0x1f1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1816 start_va = 0x7fef3f70000 end_va = 0x7fef4143fff monitored = 0 entry_point = 0x7fef3fa6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1817 start_va = 0x1f20000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1818 start_va = 0x1f20000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1819 start_va = 0x2040000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 1820 start_va = 0x20c0000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 1821 start_va = 0x2250000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 1822 start_va = 0x2420000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1823 start_va = 0x390000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1824 start_va = 0x2590000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1825 start_va = 0x20c0000 end_va = 0x217ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1826 start_va = 0x21d0000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 1827 start_va = 0x2720000 end_va = 0x2b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 1828 start_va = 0x390000 end_va = 0x390fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1829 start_va = 0x3a0000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1830 start_va = 0x1b60000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 1831 start_va = 0x7fefdba0000 end_va = 0x7fefdd17fff monitored = 0 entry_point = 0x7fefdba10e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1832 start_va = 0x7fefdd20000 end_va = 0x7fefde49fff monitored = 0 entry_point = 0x7fefdd210d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1833 start_va = 0x7feff170000 end_va = 0x7feff3c8fff monitored = 0 entry_point = 0x7feff171340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1834 start_va = 0x7fefda30000 end_va = 0x7fefdb9cfff monitored = 0 entry_point = 0x7fefda310b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1835 start_va = 0x7fefd870000 end_va = 0x7fefd87efff monitored = 0 entry_point = 0x7fefd871020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1836 start_va = 0x420000 end_va = 0x421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1837 start_va = 0x7fefc300000 end_va = 0x7fefc4f3fff monitored = 0 entry_point = 0x7fefc48c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1838 start_va = 0x1b80000 end_va = 0x1b80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1839 start_va = 0x1b90000 end_va = 0x1b91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b90000" filename = "" Region: id = 1840 start_va = 0x7fefe1f0000 end_va = 0x7fefef77fff monitored = 0 entry_point = 0x7fefe26cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1841 start_va = 0x1b80000 end_va = 0x1b80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 1842 start_va = 0x7fefd7d0000 end_va = 0x7fefd7defff monitored = 0 entry_point = 0x7fefd7d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1843 start_va = 0x1ba0000 end_va = 0x1baffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1844 start_va = 0x1bb0000 end_va = 0x1bb7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1845 start_va = 0x1bc0000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1846 start_va = 0x7fefcee0000 end_va = 0x7fefcf3afff monitored = 0 entry_point = 0x7fefcee6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1847 start_va = 0x2b20000 end_va = 0x2c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 1848 start_va = 0x7fefc120000 end_va = 0x7fefc175fff monitored = 0 entry_point = 0x7fefc12bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1849 start_va = 0x2250000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 1850 start_va = 0x23a0000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1851 start_va = 0x2420000 end_va = 0x24fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 1852 start_va = 0x2510000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 1853 start_va = 0x2d40000 end_va = 0x2dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 1854 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1855 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1856 start_va = 0x1f20000 end_va = 0x1f64fff monitored = 0 entry_point = 0x1f21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1857 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1858 start_va = 0x1f20000 end_va = 0x1f64fff monitored = 0 entry_point = 0x1f21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1859 start_va = 0x1f20000 end_va = 0x1f64fff monitored = 0 entry_point = 0x1f21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1860 start_va = 0x1f20000 end_va = 0x1f64fff monitored = 0 entry_point = 0x1f21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1861 start_va = 0x1f20000 end_va = 0x1f64fff monitored = 0 entry_point = 0x1f21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1862 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1863 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1864 start_va = 0x2e10000 end_va = 0x2e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1865 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1866 start_va = 0x2620000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 1867 start_va = 0x26a0000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1868 start_va = 0x2ea0000 end_va = 0x2f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1869 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1870 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1871 start_va = 0x7fef3120000 end_va = 0x7fef3132fff monitored = 0 entry_point = 0x7fef3127b68 region_type = mapped_file name = "msoxmlmf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll") Region: id = 1872 start_va = 0x7fef8c20000 end_va = 0x7fef8c38fff monitored = 0 entry_point = 0x7fef8c2ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 1873 start_va = 0x7fef8c10000 end_va = 0x7fef8c13fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 1874 start_va = 0x7fef8b10000 end_va = 0x7fef8c01fff monitored = 0 entry_point = 0x7fef8b19060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1875 start_va = 0x7fef8b00000 end_va = 0x7fef8b02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 1876 start_va = 0x7fef8af0000 end_va = 0x7fef8af2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 1877 start_va = 0x7fef8ae0000 end_va = 0x7fef8ae2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 1878 start_va = 0x7fef9260000 end_va = 0x7fef9262fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1879 start_va = 0x7fef8ad0000 end_va = 0x7fef8ad2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 1880 start_va = 0x7fef8ac0000 end_va = 0x7fef8ac2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 1881 start_va = 0x7fef8ab0000 end_va = 0x7fef8ab2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 1882 start_va = 0x7fef8aa0000 end_va = 0x7fef8aa3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 1883 start_va = 0x7fef8a90000 end_va = 0x7fef8a93fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 1884 start_va = 0x7fef8a80000 end_va = 0x7fef8a83fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 1885 start_va = 0x1f20000 end_va = 0x1f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1886 start_va = 0x1f30000 end_va = 0x1f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 1887 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1888 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1889 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1890 start_va = 0x1f40000 end_va = 0x1f4afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 1891 start_va = 0x7fef7320000 end_va = 0x7fef7336fff monitored = 0 entry_point = 0x7fef732eba0 region_type = mapped_file name = "wmi2xml.dll" filename = "\\Windows\\System32\\wbem\\xml\\wmi2xml.dll" (normalized: "c:\\windows\\system32\\wbem\\xml\\wmi2xml.dll") Region: id = 1892 start_va = 0x2f20000 end_va = 0x301ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 1978 start_va = 0x7fef48d0000 end_va = 0x7fef4969fff monitored = 1 entry_point = 0x7fef48de1b8 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll") Region: id = 1979 start_va = 0x1f40000 end_va = 0x1f5afff monitored = 0 entry_point = 0x1f76b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1980 start_va = 0x7fefd6d0000 end_va = 0x7fefd760fff monitored = 0 entry_point = 0x7fefd6d1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1981 start_va = 0x1f60000 end_va = 0x1f63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1982 start_va = 0x3020000 end_va = 0x362cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Thread: id = 79 os_tid = 0xe10 [0120.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f7b0 | out: lpSystemTimeAsFileTime=0x16f7b0*(dwLowDateTime=0x969ff390, dwHighDateTime=0x1da5d2f)) [0120.134] GetCurrentProcessId () returned 0xe0c [0120.134] GetCurrentThreadId () returned 0xe10 [0120.134] GetTickCount () returned 0x14dcb02 [0120.134] QueryPerformanceCounter (in: lpPerformanceCount=0x16f7b8 | out: lpPerformanceCount=0x16f7b8*=2202092908446) returned 1 [0120.134] GetModuleHandleW (lpModuleName=0x0) returned 0xffc30000 [0120.135] __set_app_type (_Type=0x1) [0120.135] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffc7ced0) returned 0x0 [0120.138] __wgetmainargs (in: _Argc=0xffca2380, _Argv=0xffca2390, _Env=0xffca2388, _DoWildCard=0, _StartInfo=0xffca239c | out: _Argc=0xffca2380, _Argv=0xffca2390, _Env=0xffca2388) returned 0 [0120.139] ??0CHString@@QEAA@XZ () returned 0xffca2ab0 [0120.139] malloc (_Size=0x30) returned 0x29df90 [0120.139] malloc (_Size=0x70) returned 0x437b20 [0120.140] malloc (_Size=0x50) returned 0x435ae0 [0120.140] malloc (_Size=0x30) returned 0x437ba0 [0120.140] malloc (_Size=0x48) returned 0x437be0 [0120.140] malloc (_Size=0x30) returned 0x437c30 [0120.140] malloc (_Size=0x30) returned 0x437c70 [0120.140] ??0CHString@@QEAA@XZ () returned 0xffca2f58 [0120.140] malloc (_Size=0x30) returned 0x437cb0 [0120.140] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0120.140] SetConsoleCtrlHandler (HandlerRoutine=0xffc75724, Add=1) returned 1 [0120.141] _onexit (_Func=0xffc8f378) returned 0xffc8f378 [0120.141] _onexit (_Func=0xffc8f490) returned 0xffc8f490 [0120.142] _onexit (_Func=0xffc8f4d0) returned 0xffc8f4d0 [0120.142] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.142] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0120.156] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0120.191] CoCreateInstance (in: rclsid=0xffc373a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffc37370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xffca2940 | out: ppv=0xffca2940*=0x1bcb90) returned 0x0 [0120.228] GetCurrentProcess () returned 0xffffffffffffffff [0120.228] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16f580 | out: TokenHandle=0x16f580*=0x104) returned 1 [0120.228] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16f578 | out: TokenInformation=0x0, ReturnLength=0x16f578) returned 0 [0120.228] malloc (_Size=0x118) returned 0x436480 [0120.228] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x436480, TokenInformationLength=0x118, ReturnLength=0x16f578 | out: TokenInformation=0x436480, ReturnLength=0x16f578) returned 1 [0120.228] AdjustTokenPrivileges (in: TokenHandle=0x104, DisableAllPrivileges=0, NewState=0x436480*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-534900571, Attributes=0x19b7), (Luid.LowPart=0x0, Luid.HighPart=4423440, Attributes=0x0), (Luid.LowPart=0x65, Luid.HighPart=5242950, Attributes=0x4e005f), (Luid.LowPart=0x4f0048, Luid.HighPart=5505107, Attributes=0x43005f), (Luid.LowPart=0x4b0043, Luid.HighPart=5111869, Attributes=0x4f), (Luid.LowPart=0x45004d, Luid.HighPart=5374020, Attributes=0x560049))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0120.229] free (_Block=0x436480) [0120.229] CloseHandle (hObject=0x104) returned 1 [0120.229] malloc (_Size=0x40) returned 0x437f10 [0120.230] malloc (_Size=0x40) returned 0x437f60 [0120.230] malloc (_Size=0x40) returned 0x436480 [0120.230] malloc (_Size=0x20a) returned 0x4364d0 [0120.230] GetSystemDirectoryW (in: lpBuffer=0x4364d0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.231] free (_Block=0x4364d0) [0120.231] malloc (_Size=0x18) returned 0x437fb0 [0120.231] malloc (_Size=0x18) returned 0x4364d0 [0120.232] malloc (_Size=0x18) returned 0x4364f0 [0120.232] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0120.232] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0120.232] memcpy (in: _Dst=0x1c4218, _Src=0x1c13c8, _Size=0x28 | out: _Dst=0x1c4218) returned 0x1c4218 [0120.232] memcpy (in: _Dst=0x1c423e, _Src=0x1c1408, _Size=0x1c | out: _Dst=0x1c423e) returned 0x1c423e [0120.232] free (_Block=0x437fb0) [0120.232] free (_Block=0x4364d0) [0120.232] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77660000 [0120.233] GetProcAddress (hModule=0x77660000, lpProcName="SetThreadUILanguage") returned 0x776761e0 [0120.233] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0120.233] FreeLibrary (hLibModule=0x77660000) returned 1 [0120.234] free (_Block=0x4364f0) [0120.234] _vsnwprintf (in: _Buffer=0x436480, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x16f1a8 | out: _Buffer="ms_409") returned 6 [0120.234] malloc (_Size=0x20) returned 0x4364d0 [0120.234] GetComputerNameW (in: lpBuffer=0x4364d0, nSize=0x16f580 | out: lpBuffer="Q9IATRKPRH", nSize=0x16f580) returned 1 [0120.235] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.235] malloc (_Size=0x16) returned 0x437fb0 [0120.235] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.235] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x16f578 | out: lpNameBuffer=0x0, nSize=0x16f578) returned 0x7fffffde000 [0120.238] GetLastError () returned 0xea [0120.238] malloc (_Size=0x2c) returned 0x436500 [0120.238] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x436500, nSize=0x16f578 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x16f578) returned 0x1 [0120.239] lstrlenW (lpString="") returned 0 [0120.239] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.239] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0120.246] lstrlenW (lpString=".") returned 1 [0120.246] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.246] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2=".", cchCount2=1) returned 3 [0120.246] lstrlenW (lpString="LOCALHOST") returned 9 [0120.246] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="LOCALHOST", cchCount2=9) returned 3 [0120.247] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="Q9IATRKPRH", cchCount2=10) returned 2 [0120.247] free (_Block=0x437fb0) [0120.247] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] malloc (_Size=0x16) returned 0x437fb0 [0120.247] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.247] malloc (_Size=0x16) returned 0x436540 [0120.248] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0120.248] malloc (_Size=0x8) returned 0x436560 [0120.248] malloc (_Size=0x18) returned 0x436580 [0120.248] malloc (_Size=0x30) returned 0x4365a0 [0120.248] malloc (_Size=0x18) returned 0x4365e0 [0120.248] SysStringLen (param_1="IDENTIFY") returned 0x8 [0120.248] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0120.249] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0120.249] SysStringLen (param_1="IDENTIFY") returned 0x8 [0120.249] malloc (_Size=0x30) returned 0x436600 [0120.249] malloc (_Size=0x18) returned 0x436640 [0120.249] SysStringLen (param_1="IMPERSONATE") returned 0xb [0120.249] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0120.249] SysStringLen (param_1="IMPERSONATE") returned 0xb [0120.249] SysStringLen (param_1="IDENTIFY") returned 0x8 [0120.249] SysStringLen (param_1="IDENTIFY") returned 0x8 [0120.249] SysStringLen (param_1="IMPERSONATE") returned 0xb [0120.249] malloc (_Size=0x30) returned 0x436660 [0120.249] malloc (_Size=0x18) returned 0x4366a0 [0120.250] SysStringLen (param_1="DELEGATE") returned 0x8 [0120.250] SysStringLen (param_1="IDENTIFY") returned 0x8 [0120.250] SysStringLen (param_1="DELEGATE") returned 0x8 [0120.250] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0120.250] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0120.250] SysStringLen (param_1="DELEGATE") returned 0x8 [0120.250] malloc (_Size=0x30) returned 0x4366c0 [0120.250] malloc (_Size=0x18) returned 0x436700 [0120.250] malloc (_Size=0x30) returned 0x436720 [0120.250] malloc (_Size=0x18) returned 0x436760 [0120.250] SysStringLen (param_1="NONE") returned 0x4 [0120.251] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.251] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.251] SysStringLen (param_1="NONE") returned 0x4 [0120.251] malloc (_Size=0x30) returned 0x436780 [0120.251] malloc (_Size=0x18) returned 0x4367c0 [0120.251] SysStringLen (param_1="CONNECT") returned 0x7 [0120.251] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.251] malloc (_Size=0x30) returned 0x4367e0 [0120.251] malloc (_Size=0x18) returned 0x436820 [0120.251] SysStringLen (param_1="CALL") returned 0x4 [0120.251] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.251] SysStringLen (param_1="CALL") returned 0x4 [0120.251] SysStringLen (param_1="CONNECT") returned 0x7 [0120.252] malloc (_Size=0x30) returned 0x436840 [0120.252] malloc (_Size=0x18) returned 0x436880 [0120.252] SysStringLen (param_1="PKT") returned 0x3 [0120.252] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.252] SysStringLen (param_1="PKT") returned 0x3 [0120.252] SysStringLen (param_1="NONE") returned 0x4 [0120.252] SysStringLen (param_1="NONE") returned 0x4 [0120.252] SysStringLen (param_1="PKT") returned 0x3 [0120.252] malloc (_Size=0x30) returned 0x438000 [0120.252] malloc (_Size=0x18) returned 0x436ca0 [0120.253] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.253] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.253] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.253] SysStringLen (param_1="NONE") returned 0x4 [0120.253] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.253] SysStringLen (param_1="PKT") returned 0x3 [0120.253] SysStringLen (param_1="PKT") returned 0x3 [0120.253] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.253] malloc (_Size=0x30) returned 0x438040 [0120.253] malloc (_Size=0x18) returned 0x436cc0 [0120.253] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0120.253] SysStringLen (param_1="DEFAULT") returned 0x7 [0120.253] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0120.254] SysStringLen (param_1="PKT") returned 0x3 [0120.254] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0120.254] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.254] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0120.254] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0120.254] malloc (_Size=0x30) returned 0x438080 [0120.254] malloc (_Size=0x40) returned 0x436ce0 [0120.254] malloc (_Size=0x20a) returned 0x438fd0 [0120.255] GetSystemDirectoryW (in: lpBuffer=0x438fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.255] free (_Block=0x438fd0) [0120.255] malloc (_Size=0x18) returned 0x436d30 [0120.255] malloc (_Size=0x18) returned 0x436d50 [0120.255] malloc (_Size=0x18) returned 0x436d70 [0120.256] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0120.256] SysStringLen (param_1="\\wbem\\") returned 0x6 [0120.256] memcpy (in: _Dst=0x1a6708, _Src=0x1c1408, _Size=0x28 | out: _Dst=0x1a6708) returned 0x1a6708 [0120.256] memcpy (in: _Dst=0x1a672e, _Src=0x1c0a38, _Size=0xe | out: _Dst=0x1a672e) returned 0x1a672e [0120.256] free (_Block=0x436d30) [0120.256] free (_Block=0x436d50) [0120.256] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0120.257] free (_Block=0x436d70) [0120.257] malloc (_Size=0x18) returned 0x436d30 [0120.257] malloc (_Size=0x18) returned 0x436d50 [0120.257] malloc (_Size=0x18) returned 0x436d70 [0120.257] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0120.257] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0120.257] memcpy (in: _Dst=0x1c4898, _Src=0x1a6758, _Size=0x34 | out: _Dst=0x1c4898) returned 0x1c4898 [0120.257] memcpy (in: _Dst=0x1c48ca, _Src=0x1c1408, _Size=0x22 | out: _Dst=0x1c48ca) returned 0x1c48ca [0120.258] free (_Block=0x436d30) [0120.258] free (_Block=0x436d50) [0120.258] GetCurrentThreadId () returned 0xe10 [0120.258] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x16ee80 | out: phkResult=0x16ee80*=0x108) returned 0x0 [0120.259] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x16eed0, lpcbData=0x16ee70*=0x400 | out: lpType=0x0, lpData=0x16eed0*=0x30, lpcbData=0x16ee70*=0x4) returned 0x0 [0120.259] _wcsicmp (_String1="0", _String2="1") returned -1 [0120.259] _wcsicmp (_String1="0", _String2="2") returned -2 [0120.259] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x16ee70*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x16ee70*=0x42) returned 0x0 [0120.259] malloc (_Size=0x86) returned 0x436d90 [0120.259] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x436d90, lpcbData=0x16ee70*=0x42 | out: lpType=0x0, lpData=0x436d90*=0x25, lpcbData=0x16ee70*=0x42) returned 0x0 [0120.259] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0120.259] malloc (_Size=0x42) returned 0x436e20 [0120.259] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0120.259] RegQueryValueExW (in: hKey=0x108, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x16eed0, lpcbData=0x16ee70*=0x400 | out: lpType=0x0, lpData=0x16eed0*=0x36, lpcbData=0x16ee70*=0xc) returned 0x0 [0120.260] _wtol (_String="65536") returned 65536 [0120.260] free (_Block=0x436d90) [0120.260] RegCloseKey (hKey=0x0) returned 0x6 [0120.260] CoCreateInstance (in: rclsid=0xffc37410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffc373f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x16f378 | out: ppv=0x16f378*=0x20471d0) returned 0x0 [0120.324] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x20471d0, xmlSource=0x16f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x436d30), isSuccessful=0x16f530 | out: isSuccessful=0x16f530*=0xffff) returned 0x0 [0120.801] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x20471d0, DOMElement=0x16f370 | out: DOMElement=0x16f370*=0x204bc50) returned 0x0 [0120.801] malloc (_Size=0x18) returned 0x436e70 [0120.802] IXMLDOMElement:getElementsByTagName (in: This=0x204bc50, tagName="XSLFORMAT", resultList=0x16f380 | out: resultList=0x16f380*=0x2049cc0) returned 0x0 [0120.803] free (_Block=0x436e70) [0120.803] IXMLDOMNodeList:get_length (in: This=0x2049cc0, listLength=0x16f548 | out: listLength=0x16f548*=21) returned 0x0 [0120.804] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=0, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.804] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.804] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.804] malloc (_Size=0x18) returned 0x436e70 [0120.804] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.805] free (_Block=0x436e70) [0120.805] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x4)) returned 0x0 [0120.805] malloc (_Size=0x18) returned 0x436e70 [0120.805] malloc (_Size=0x18) returned 0x436e90 [0120.805] malloc (_Size=0x30) returned 0x4380c0 [0120.806] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.806] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.806] IUnknown:Release (This=0x204a280) returned 0x0 [0120.806] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=1, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.806] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="textvaluelist.xsl") returned 0x0 [0120.806] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.806] malloc (_Size=0x18) returned 0x436d30 [0120.806] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.807] free (_Block=0x436d30) [0120.807] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x4)) returned 0x0 [0120.807] malloc (_Size=0x18) returned 0x43c380 [0120.807] malloc (_Size=0x18) returned 0x43c3a0 [0120.807] SysStringLen (param_1="VALUE") returned 0x5 [0120.807] SysStringLen (param_1="TABLE") returned 0x5 [0120.807] SysStringLen (param_1="TABLE") returned 0x5 [0120.808] SysStringLen (param_1="VALUE") returned 0x5 [0120.808] malloc (_Size=0x30) returned 0x438100 [0120.808] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.808] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.808] IUnknown:Release (This=0x204a280) returned 0x0 [0120.808] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=2, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.808] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="textvaluelist.xsl") returned 0x0 [0120.808] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.808] malloc (_Size=0x18) returned 0x43c3c0 [0120.808] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.809] free (_Block=0x43c3c0) [0120.809] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x4)) returned 0x0 [0120.809] malloc (_Size=0x18) returned 0x43c3c0 [0120.809] malloc (_Size=0x18) returned 0x43c3e0 [0120.809] SysStringLen (param_1="LIST") returned 0x4 [0120.809] SysStringLen (param_1="TABLE") returned 0x5 [0120.809] malloc (_Size=0x30) returned 0x438140 [0120.809] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.810] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.810] IUnknown:Release (This=0x204a280) returned 0x0 [0120.810] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=3, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.810] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="rawxml.xsl") returned 0x0 [0120.810] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.810] malloc (_Size=0x18) returned 0x43c400 [0120.810] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.810] free (_Block=0x43c400) [0120.810] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x4)) returned 0x0 [0120.811] malloc (_Size=0x18) returned 0x43c400 [0120.811] malloc (_Size=0x18) returned 0x43c420 [0120.811] SysStringLen (param_1="RAWXML") returned 0x6 [0120.811] SysStringLen (param_1="TABLE") returned 0x5 [0120.811] SysStringLen (param_1="RAWXML") returned 0x6 [0120.811] SysStringLen (param_1="LIST") returned 0x4 [0120.811] SysStringLen (param_1="LIST") returned 0x4 [0120.811] SysStringLen (param_1="RAWXML") returned 0x6 [0120.811] malloc (_Size=0x30) returned 0x438180 [0120.811] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.812] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.812] IUnknown:Release (This=0x204a280) returned 0x0 [0120.812] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=4, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.812] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="htable.xsl") returned 0x0 [0120.812] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.812] malloc (_Size=0x18) returned 0x43c440 [0120.812] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.812] free (_Block=0x43c440) [0120.812] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x4)) returned 0x0 [0120.812] malloc (_Size=0x18) returned 0x43c440 [0120.813] malloc (_Size=0x18) returned 0x43c460 [0120.813] SysStringLen (param_1="HTABLE") returned 0x6 [0120.813] SysStringLen (param_1="TABLE") returned 0x5 [0120.813] SysStringLen (param_1="HTABLE") returned 0x6 [0120.813] SysStringLen (param_1="LIST") returned 0x4 [0120.813] malloc (_Size=0x30) returned 0x4381c0 [0120.813] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.813] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.813] IUnknown:Release (This=0x204a280) returned 0x0 [0120.813] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=5, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.814] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="hform.xsl") returned 0x0 [0120.814] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.814] malloc (_Size=0x18) returned 0x43c480 [0120.814] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.814] free (_Block=0x43c480) [0120.814] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x4)) returned 0x0 [0120.814] malloc (_Size=0x18) returned 0x43c480 [0120.815] malloc (_Size=0x18) returned 0x43c4a0 [0120.815] SysStringLen (param_1="HFORM") returned 0x5 [0120.815] SysStringLen (param_1="TABLE") returned 0x5 [0120.815] SysStringLen (param_1="HFORM") returned 0x5 [0120.815] SysStringLen (param_1="LIST") returned 0x4 [0120.815] SysStringLen (param_1="HFORM") returned 0x5 [0120.815] SysStringLen (param_1="HTABLE") returned 0x6 [0120.815] malloc (_Size=0x30) returned 0x438200 [0120.815] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.815] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.816] IUnknown:Release (This=0x204a280) returned 0x0 [0120.816] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=6, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.816] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="xml.xsl") returned 0x0 [0120.816] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.816] malloc (_Size=0x18) returned 0x43c4c0 [0120.816] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.816] free (_Block=0x43c4c0) [0120.816] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x4)) returned 0x0 [0120.816] malloc (_Size=0x18) returned 0x43c4c0 [0120.817] malloc (_Size=0x18) returned 0x43c4e0 [0120.817] SysStringLen (param_1="XML") returned 0x3 [0120.817] SysStringLen (param_1="TABLE") returned 0x5 [0120.817] SysStringLen (param_1="XML") returned 0x3 [0120.817] SysStringLen (param_1="VALUE") returned 0x5 [0120.817] SysStringLen (param_1="VALUE") returned 0x5 [0120.817] SysStringLen (param_1="XML") returned 0x3 [0120.817] malloc (_Size=0x30) returned 0x438240 [0120.818] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.818] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.818] IUnknown:Release (This=0x204a280) returned 0x0 [0120.818] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=7, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.818] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="mof.xsl") returned 0x0 [0120.818] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.818] malloc (_Size=0x18) returned 0x43c500 [0120.818] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.818] free (_Block=0x43c500) [0120.819] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x4)) returned 0x0 [0120.819] malloc (_Size=0x18) returned 0x43c500 [0120.819] malloc (_Size=0x18) returned 0x43c520 [0120.819] SysStringLen (param_1="MOF") returned 0x3 [0120.819] SysStringLen (param_1="TABLE") returned 0x5 [0120.819] SysStringLen (param_1="MOF") returned 0x3 [0120.819] SysStringLen (param_1="LIST") returned 0x4 [0120.819] SysStringLen (param_1="MOF") returned 0x3 [0120.819] SysStringLen (param_1="RAWXML") returned 0x6 [0120.819] SysStringLen (param_1="LIST") returned 0x4 [0120.820] SysStringLen (param_1="MOF") returned 0x3 [0120.820] malloc (_Size=0x30) returned 0x438280 [0120.820] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.820] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.820] IUnknown:Release (This=0x204a280) returned 0x0 [0120.820] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=8, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.820] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="csv.xsl") returned 0x0 [0120.820] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.820] malloc (_Size=0x18) returned 0x43c540 [0120.821] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.821] free (_Block=0x43c540) [0120.821] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x4)) returned 0x0 [0120.821] malloc (_Size=0x18) returned 0x43c540 [0120.821] malloc (_Size=0x18) returned 0x43c560 [0120.821] SysStringLen (param_1="CSV") returned 0x3 [0120.821] SysStringLen (param_1="TABLE") returned 0x5 [0120.821] SysStringLen (param_1="CSV") returned 0x3 [0120.821] SysStringLen (param_1="LIST") returned 0x4 [0120.822] SysStringLen (param_1="CSV") returned 0x3 [0120.822] SysStringLen (param_1="HTABLE") returned 0x6 [0120.822] SysStringLen (param_1="CSV") returned 0x3 [0120.822] SysStringLen (param_1="HFORM") returned 0x5 [0120.822] malloc (_Size=0x30) returned 0x4382c0 [0120.822] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.822] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.822] IUnknown:Release (This=0x204a280) returned 0x0 [0120.822] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=9, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.822] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.843] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.843] malloc (_Size=0x18) returned 0x43c580 [0120.843] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.844] free (_Block=0x43c580) [0120.844] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x4)) returned 0x0 [0120.844] malloc (_Size=0x18) returned 0x43c580 [0120.844] malloc (_Size=0x18) returned 0x43c5a0 [0120.844] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.844] SysStringLen (param_1="TABLE") returned 0x5 [0120.844] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.844] SysStringLen (param_1="VALUE") returned 0x5 [0120.844] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.845] SysStringLen (param_1="XML") returned 0x3 [0120.845] SysStringLen (param_1="XML") returned 0x3 [0120.845] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.845] malloc (_Size=0x30) returned 0x438300 [0120.845] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.845] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.845] IUnknown:Release (This=0x204a280) returned 0x0 [0120.845] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=10, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.845] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.845] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.846] malloc (_Size=0x18) returned 0x43c5c0 [0120.846] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.846] free (_Block=0x43c5c0) [0120.846] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x4)) returned 0x0 [0120.846] malloc (_Size=0x18) returned 0x43c5c0 [0120.846] malloc (_Size=0x18) returned 0x43c5e0 [0120.846] SysStringLen (param_1="texttablewsys") returned 0xd [0120.846] SysStringLen (param_1="TABLE") returned 0x5 [0120.846] SysStringLen (param_1="texttablewsys") returned 0xd [0120.847] SysStringLen (param_1="XML") returned 0x3 [0120.847] SysStringLen (param_1="texttablewsys") returned 0xd [0120.847] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.847] SysStringLen (param_1="XML") returned 0x3 [0120.847] SysStringLen (param_1="texttablewsys") returned 0xd [0120.847] malloc (_Size=0x30) returned 0x438340 [0120.847] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.847] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.847] IUnknown:Release (This=0x204a280) returned 0x0 [0120.847] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=11, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.848] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.848] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.848] malloc (_Size=0x18) returned 0x43c600 [0120.848] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.848] free (_Block=0x43c600) [0120.848] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x4)) returned 0x0 [0120.848] malloc (_Size=0x18) returned 0x43c600 [0120.848] malloc (_Size=0x18) returned 0x43c620 [0120.849] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.849] SysStringLen (param_1="TABLE") returned 0x5 [0120.849] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.849] SysStringLen (param_1="XML") returned 0x3 [0120.849] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.849] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.849] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.849] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.849] malloc (_Size=0x30) returned 0x438380 [0120.849] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.850] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.850] IUnknown:Release (This=0x204a280) returned 0x0 [0120.850] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=12, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.850] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.850] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.850] malloc (_Size=0x18) returned 0x43c640 [0120.850] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.850] free (_Block=0x43c640) [0120.850] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x4)) returned 0x0 [0120.850] malloc (_Size=0x18) returned 0x43c640 [0120.851] malloc (_Size=0x18) returned 0x43c660 [0120.851] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.851] SysStringLen (param_1="TABLE") returned 0x5 [0120.851] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.851] SysStringLen (param_1="XML") returned 0x3 [0120.851] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.851] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.851] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.851] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.851] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.851] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.851] malloc (_Size=0x30) returned 0x4383c0 [0120.852] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.852] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.852] IUnknown:Release (This=0x204a280) returned 0x0 [0120.852] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=13, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.852] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.852] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.852] malloc (_Size=0x18) returned 0x43c680 [0120.852] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.852] free (_Block=0x43c680) [0120.853] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x4)) returned 0x0 [0120.853] malloc (_Size=0x18) returned 0x43c680 [0120.853] malloc (_Size=0x18) returned 0x43c6a0 [0120.853] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.853] SysStringLen (param_1="TABLE") returned 0x5 [0120.853] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.853] SysStringLen (param_1="XML") returned 0x3 [0120.853] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.853] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.853] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.854] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.854] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.854] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.854] malloc (_Size=0x30) returned 0x438400 [0120.854] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.854] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.854] IUnknown:Release (This=0x204a280) returned 0x0 [0120.854] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=14, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.854] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="texttable.xsl") returned 0x0 [0120.855] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.855] malloc (_Size=0x18) returned 0x43c6c0 [0120.855] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.855] free (_Block=0x43c6c0) [0120.855] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x4)) returned 0x0 [0120.855] malloc (_Size=0x18) returned 0x43c6c0 [0120.855] malloc (_Size=0x18) returned 0x43c6e0 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] SysStringLen (param_1="TABLE") returned 0x5 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] SysStringLen (param_1="XML") returned 0x3 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.856] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.856] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0120.856] malloc (_Size=0x30) returned 0x438440 [0120.857] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.857] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.857] IUnknown:Release (This=0x204a280) returned 0x0 [0120.857] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=15, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.857] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="htable.xsl") returned 0x0 [0120.857] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.857] malloc (_Size=0x18) returned 0x43c700 [0120.857] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.858] free (_Block=0x43c700) [0120.858] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x4)) returned 0x0 [0120.858] malloc (_Size=0x18) returned 0x43c700 [0120.858] malloc (_Size=0x18) returned 0x43c720 [0120.858] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.858] SysStringLen (param_1="TABLE") returned 0x5 [0120.858] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.858] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.858] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.858] SysStringLen (param_1="XML") returned 0x3 [0120.859] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.859] SysStringLen (param_1="texttablewsys") returned 0xd [0120.859] SysStringLen (param_1="XML") returned 0x3 [0120.859] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.859] malloc (_Size=0x30) returned 0x438480 [0120.859] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.859] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.859] IUnknown:Release (This=0x204a280) returned 0x0 [0120.859] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=16, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.860] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="htable.xsl") returned 0x0 [0120.860] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.860] malloc (_Size=0x18) returned 0x43c740 [0120.860] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.860] free (_Block=0x43c740) [0120.860] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x4)) returned 0x0 [0120.860] malloc (_Size=0x18) returned 0x43c740 [0120.861] malloc (_Size=0x18) returned 0x43c760 [0120.861] SysStringLen (param_1="htable-sortby") returned 0xd [0120.861] SysStringLen (param_1="TABLE") returned 0x5 [0120.861] SysStringLen (param_1="htable-sortby") returned 0xd [0120.861] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.861] SysStringLen (param_1="htable-sortby") returned 0xd [0120.861] SysStringLen (param_1="XML") returned 0x3 [0120.861] SysStringLen (param_1="htable-sortby") returned 0xd [0120.861] SysStringLen (param_1="texttablewsys") returned 0xd [0120.861] SysStringLen (param_1="htable-sortby") returned 0xd [0120.861] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0120.861] SysStringLen (param_1="XML") returned 0x3 [0120.862] SysStringLen (param_1="htable-sortby") returned 0xd [0120.862] malloc (_Size=0x30) returned 0x4384c0 [0120.862] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.862] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.862] IUnknown:Release (This=0x204a280) returned 0x0 [0120.862] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=17, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.862] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="mof.xsl") returned 0x0 [0120.862] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.862] malloc (_Size=0x18) returned 0x43c780 [0120.863] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.863] free (_Block=0x43c780) [0120.863] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x4)) returned 0x0 [0120.863] malloc (_Size=0x18) returned 0x43c780 [0120.863] malloc (_Size=0x18) returned 0x43c7a0 [0120.863] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.864] SysStringLen (param_1="TABLE") returned 0x5 [0120.864] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.864] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.864] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.864] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.864] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.864] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.864] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.864] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.864] malloc (_Size=0x30) returned 0x438500 [0120.864] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.864] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.865] IUnknown:Release (This=0x204a280) returned 0x0 [0120.865] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=18, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.865] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="mof.xsl") returned 0x0 [0120.865] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.865] malloc (_Size=0x18) returned 0x43c7c0 [0120.865] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.865] free (_Block=0x43c7c0) [0120.865] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x4)) returned 0x0 [0120.865] malloc (_Size=0x18) returned 0x43c7c0 [0120.866] malloc (_Size=0x18) returned 0x43c7e0 [0120.866] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.866] SysStringLen (param_1="TABLE") returned 0x5 [0120.866] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.866] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.866] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.866] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.866] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.866] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0120.866] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.866] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0120.866] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.867] SysStringLen (param_1="wmiclimofformat") returned 0xf [0120.867] malloc (_Size=0x30) returned 0x438540 [0120.867] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.867] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.867] IUnknown:Release (This=0x204a280) returned 0x0 [0120.867] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=19, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.867] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="textvaluelist.xsl") returned 0x0 [0120.867] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.867] malloc (_Size=0x18) returned 0x43c800 [0120.867] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.868] free (_Block=0x43c800) [0120.868] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x4)) returned 0x0 [0120.868] malloc (_Size=0x18) returned 0x43c800 [0120.868] malloc (_Size=0x18) returned 0x43c820 [0120.868] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.868] SysStringLen (param_1="TABLE") returned 0x5 [0120.868] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.869] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.869] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.869] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.869] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.869] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.869] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.869] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.869] malloc (_Size=0x30) returned 0x438580 [0120.869] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.873] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.873] IUnknown:Release (This=0x204a280) returned 0x0 [0120.873] IXMLDOMNodeList:get_item (in: This=0x2049cc0, index=20, listItem=0x16f350 | out: listItem=0x16f350*=0x204bd50) returned 0x0 [0120.873] IXMLDOMNode:get_text (in: This=0x204bd50, text=0x16f360 | out: text=0x16f360*="textvaluelist.xsl") returned 0x0 [0120.873] IXMLDOMNode:get_attributes (in: This=0x204bd50, attributeMap=0x16f358 | out: attributeMap=0x16f358*=0x20478d0) returned 0x0 [0120.873] malloc (_Size=0x18) returned 0x43c840 [0120.873] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x20478d0, name="KEYWORD", namedItem=0x16f368 | out: namedItem=0x16f368*=0x204a280) returned 0x0 [0120.874] free (_Block=0x43c840) [0120.874] IXMLDOMNode:get_nodeValue (in: This=0x204a280, value=0x16f3a0 | out: value=0x16f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x4)) returned 0x0 [0120.874] malloc (_Size=0x18) returned 0x43c840 [0120.874] malloc (_Size=0x18) returned 0x43c860 [0120.874] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.874] SysStringLen (param_1="TABLE") returned 0x5 [0120.874] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.874] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0120.874] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.874] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0120.875] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.875] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.875] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.875] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0120.875] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0120.875] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0120.875] malloc (_Size=0x30) returned 0x4385c0 [0120.875] IUnknown:Release (This=0x204bd50) returned 0x0 [0120.875] IUnknown:Release (This=0x20478d0) returned 0x0 [0120.875] IUnknown:Release (This=0x204a280) returned 0x0 [0120.875] IUnknown:Release (This=0x2049cc0) returned 0x0 [0120.876] FreeThreadedDOMDocument:IUnknown:Release (This=0x204bc50) returned 0x1 [0120.876] FreeThreadedDOMDocument:IUnknown:Release (This=0x20471d0) returned 0x0 [0120.876] free (_Block=0x436d70) [0120.876] GetCommandLineW () returned="wmic path win32_VideoController get name" [0120.876] malloc (_Size=0x60) returned 0x436d30 [0120.876] memcpy_s (in: _Destination=0x436d30, _DestinationSize=0x5e, _Source=0x1926d6, _SourceSize=0x50 | out: _Destination=0x436d30) returned 0x0 [0120.877] malloc (_Size=0x18) returned 0x43c880 [0120.877] malloc (_Size=0x18) returned 0x43c8a0 [0120.877] malloc (_Size=0x18) returned 0x43c8c0 [0120.877] malloc (_Size=0x18) returned 0x43c8e0 [0120.877] malloc (_Size=0x80) returned 0x43cb50 [0120.877] GetLocalTime (in: lpSystemTime=0x16f510 | out: lpSystemTime=0x16f510*(wYear=0x7e8, wMonth=0x2, wDayOfWeek=0x0, wDay=0xb, wHour=0x16, wMinute=0x10, wSecond=0x22, wMilliseconds=0x19)) [0120.877] _vsnwprintf (in: _Buffer=0x43cb50, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x16f468 | out: _Buffer="02-11-2024T22:16:34") returned 19 [0120.877] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] malloc (_Size=0x4a) returned 0x436da0 [0120.878] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] malloc (_Size=0x4a) returned 0x43cbe0 [0120.878] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.878] malloc (_Size=0xa) returned 0x43c900 [0120.878] lstrlenW (lpString="path") returned 4 [0120.879] _wcsicmp (_String1="path", _String2="\"NULL\"") returned 78 [0120.879] malloc (_Size=0xa) returned 0x43c920 [0120.879] malloc (_Size=0x8) returned 0x436e00 [0120.879] free (_Block=0x0) [0120.879] free (_Block=0x43c900) [0120.879] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.879] malloc (_Size=0x2c) returned 0x438600 [0120.879] lstrlenW (lpString="win32_VideoController") returned 21 [0120.879] _wcsicmp (_String1="win32_VideoController", _String2="\"NULL\"") returned 85 [0120.879] malloc (_Size=0x2c) returned 0x438640 [0120.879] malloc (_Size=0x10) returned 0x43c900 [0120.879] memmove_s (in: _Destination=0x43c900, _DestinationSize=0x8, _Source=0x436e00, _SourceSize=0x8 | out: _Destination=0x43c900) returned 0x0 [0120.879] free (_Block=0x436e00) [0120.880] free (_Block=0x0) [0120.880] free (_Block=0x438600) [0120.880] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.880] malloc (_Size=0x8) returned 0x436e00 [0120.880] lstrlenW (lpString="get") returned 3 [0120.880] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69 [0120.881] malloc (_Size=0x8) returned 0x43cc40 [0120.881] malloc (_Size=0x18) returned 0x43c940 [0120.881] memmove_s (in: _Destination=0x43c940, _DestinationSize=0x10, _Source=0x43c900, _SourceSize=0x10 | out: _Destination=0x43c940) returned 0x0 [0120.881] free (_Block=0x43c900) [0120.881] free (_Block=0x0) [0120.881] free (_Block=0x436e00) [0120.881] lstrlenW (lpString=" path win32_VideoController get name") returned 36 [0120.881] malloc (_Size=0xa) returned 0x43c900 [0120.881] lstrlenW (lpString="name") returned 4 [0120.881] _wcsicmp (_String1="name", _String2="\"NULL\"") returned 76 [0120.881] malloc (_Size=0xa) returned 0x43c960 [0120.881] malloc (_Size=0x20) returned 0x43cc60 [0120.881] memmove_s (in: _Destination=0x43cc60, _DestinationSize=0x18, _Source=0x43c940, _SourceSize=0x18 | out: _Destination=0x43cc60) returned 0x0 [0120.882] free (_Block=0x43c940) [0120.882] free (_Block=0x0) [0120.882] free (_Block=0x43c900) [0120.882] malloc (_Size=0x20) returned 0x43cc90 [0120.882] lstrlenW (lpString="QUIT") returned 4 [0120.882] lstrlenW (lpString="path") returned 4 [0120.882] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="QUIT", cchCount2=4) returned 1 [0120.882] lstrlenW (lpString="EXIT") returned 4 [0120.882] lstrlenW (lpString="path") returned 4 [0120.882] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="EXIT", cchCount2=4) returned 3 [0120.883] free (_Block=0x43cc90) [0120.883] WbemLocator:IUnknown:AddRef (This=0x1bcb90) returned 0x2 [0120.883] malloc (_Size=0x20) returned 0x43cc90 [0120.883] lstrlenW (lpString="/") returned 1 [0120.883] lstrlenW (lpString="path") returned 4 [0120.883] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="/", cchCount2=1) returned 3 [0120.883] lstrlenW (lpString="-") returned 1 [0120.884] lstrlenW (lpString="path") returned 4 [0120.884] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="-", cchCount2=1) returned 3 [0120.884] lstrlenW (lpString="CLASS") returned 5 [0120.884] lstrlenW (lpString="path") returned 4 [0120.884] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="CLASS", cchCount2=5) returned 3 [0120.884] lstrlenW (lpString="PATH") returned 4 [0120.884] lstrlenW (lpString="path") returned 4 [0120.884] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="path", cchCount1=4, lpString2="PATH", cchCount2=4) returned 2 [0120.885] lstrlenW (lpString="/") returned 1 [0120.885] lstrlenW (lpString="win32_VideoController") returned 21 [0120.885] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="win32_VideoController", cchCount1=21, lpString2="/", cchCount2=1) returned 3 [0120.887] lstrlenW (lpString="-") returned 1 [0120.887] lstrlenW (lpString="win32_VideoController") returned 21 [0120.887] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="win32_VideoController", cchCount1=21, lpString2="-", cchCount2=1) returned 3 [0120.887] lstrlenW (lpString="win32_VideoController") returned 21 [0120.887] malloc (_Size=0x2c) returned 0x438600 [0120.887] lstrlenW (lpString="win32_VideoController") returned 21 [0120.887] wcstok (in: _String="win32_VideoController", _Delimiter=".", _Context=0xfff | out: _String="win32_VideoController", _Context=0xfff) returned="win32_VideoController" [0120.887] lstrlenW (lpString="win32_VideoController") returned 21 [0120.888] malloc (_Size=0x2c) returned 0x438680 [0120.888] lstrlenW (lpString="win32_VideoController") returned 21 [0120.888] wcstok (in: _String=0x0, _Delimiter=",", _Context=0xffffffffffd34cf0 | out: _String=0x0, _Context=0xffffffffffd34cf0) returned 0x0 [0120.888] lstrlenW (lpString="") returned 0 [0120.888] lstrlenW (lpString="WHERE") returned 5 [0120.888] lstrlenW (lpString="get") returned 3 [0120.888] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1 [0120.888] lstrlenW (lpString="/") returned 1 [0120.888] lstrlenW (lpString="get") returned 3 [0120.888] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3 [0120.888] lstrlenW (lpString="-") returned 1 [0120.889] lstrlenW (lpString="get") returned 3 [0120.889] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3 [0120.889] lstrlenW (lpString="get") returned 3 [0120.889] malloc (_Size=0x8) returned 0x436e00 [0120.889] lstrlenW (lpString="get") returned 3 [0120.889] lstrlenW (lpString="GET") returned 3 [0120.889] lstrlenW (lpString="get") returned 3 [0120.889] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0120.890] lstrlenW (lpString="/") returned 1 [0120.890] lstrlenW (lpString="name") returned 4 [0120.890] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="/", cchCount2=1) returned 3 [0120.890] lstrlenW (lpString="-") returned 1 [0120.890] lstrlenW (lpString="name") returned 4 [0120.890] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="-", cchCount2=1) returned 3 [0120.890] lstrlenW (lpString="name") returned 4 [0120.890] malloc (_Size=0xa) returned 0x43c900 [0120.890] lstrlenW (lpString="name") returned 4 [0120.890] malloc (_Size=0x8) returned 0x43ccc0 [0120.890] ??0CHString@@QEAA@XZ () returned 0x16d048 [0120.890] GetCurrentThreadId () returned 0xe10 [0120.890] lstrlenW (lpString="SET") returned 3 [0120.891] lstrlenW (lpString="get") returned 3 [0120.891] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1 [0120.891] GetCurrentThreadId () returned 0xe10 [0120.891] ??0CHString@@QEAA@XZ () returned 0x16ce48 [0120.891] malloc (_Size=0x8) returned 0x43cce0 [0120.891] malloc (_Size=0x18) returned 0x43c940 [0120.891] malloc (_Size=0x18) returned 0x43c980 [0120.892] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1bcb90, strNetworkResource="root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffca2950 | out: ppNamespace=0xffca2950*=0x2264c0) returned 0x0 [0120.958] free (_Block=0x43c980) [0120.958] CoSetProxyBlanket (pProxy=0x2264c0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0120.959] free (_Block=0x43cce0) [0120.959] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0120.959] free (_Block=0x43c940) [0120.959] malloc (_Size=0x8) returned 0x43cce0 [0120.959] memmove_s (in: _Destination=0x43cce0, _DestinationSize=0x8, _Source=0x43ccc0, _SourceSize=0x8 | out: _Destination=0x43cce0) returned 0x0 [0120.959] malloc (_Size=0x18) returned 0x43c940 [0120.960] IWbemServices:GetObject (in: This=0x2264c0, strObjectPath="win32_VideoController", lFlags=131072, pCtx=0x0, ppObject=0x16d060*=0x0, ppCallResult=0x0 | out: ppObject=0x16d060*=0x24d290, ppCallResult=0x0) returned 0x0 [0121.030] free (_Block=0x43c940) [0121.030] IWbemClassObject:GetNames (in: This=0x24d290, wszQualifierName=0x0, lFlags=64, pQualifierVal=0x0, pNames=0x16d058 | out: pNames=0x16d058*="\x01ƀ\x08") returned 0x0 [0121.031] SafeArrayGetLBound (in: psa=0x218230, nDim=0x1, plLbound=0x16d074 | out: plLbound=0x16d074) returned 0x0 [0121.031] SafeArrayGetUBound (in: psa=0x218230, nDim=0x1, plUbound=0x16d068 | out: plUbound=0x16d068) returned 0x0 [0121.031] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.031] malloc (_Size=0x18) returned 0x43c940 [0121.031] lstrlenW (lpString="AcceleratorCapabilities") returned 23 [0121.031] lstrlenW (lpString="name") returned 4 [0121.031] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="AcceleratorCapabilities", cchCount2=23) returned 3 [0121.031] free (_Block=0x43c940) [0121.032] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.032] malloc (_Size=0x18) returned 0x43c940 [0121.032] lstrlenW (lpString="AdapterCompatibility") returned 20 [0121.032] lstrlenW (lpString="name") returned 4 [0121.032] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="AdapterCompatibility", cchCount2=20) returned 3 [0121.032] free (_Block=0x43c940) [0121.032] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.032] malloc (_Size=0x18) returned 0x43c940 [0121.032] lstrlenW (lpString="AdapterDACType") returned 14 [0121.033] lstrlenW (lpString="name") returned 4 [0121.033] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="AdapterDACType", cchCount2=14) returned 3 [0121.033] free (_Block=0x43c940) [0121.033] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.033] malloc (_Size=0x18) returned 0x43c940 [0121.033] lstrlenW (lpString="AdapterRAM") returned 10 [0121.033] lstrlenW (lpString="name") returned 4 [0121.033] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="AdapterRAM", cchCount2=10) returned 3 [0121.033] free (_Block=0x43c940) [0121.034] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.034] malloc (_Size=0x18) returned 0x43c940 [0121.034] lstrlenW (lpString="Availability") returned 12 [0121.034] lstrlenW (lpString="name") returned 4 [0121.034] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Availability", cchCount2=12) returned 3 [0121.034] free (_Block=0x43c940) [0121.034] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.034] malloc (_Size=0x18) returned 0x43c940 [0121.035] lstrlenW (lpString="CapabilityDescriptions") returned 22 [0121.035] lstrlenW (lpString="name") returned 4 [0121.035] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CapabilityDescriptions", cchCount2=22) returned 3 [0121.035] free (_Block=0x43c940) [0121.035] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.035] malloc (_Size=0x18) returned 0x43c940 [0121.035] lstrlenW (lpString="Caption") returned 7 [0121.035] lstrlenW (lpString="name") returned 4 [0121.035] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Caption", cchCount2=7) returned 3 [0121.036] free (_Block=0x43c940) [0121.036] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.036] malloc (_Size=0x18) returned 0x43c940 [0121.036] lstrlenW (lpString="ColorTableEntries") returned 17 [0121.036] lstrlenW (lpString="name") returned 4 [0121.036] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ColorTableEntries", cchCount2=17) returned 3 [0121.036] free (_Block=0x43c940) [0121.036] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.037] malloc (_Size=0x18) returned 0x43c940 [0121.037] lstrlenW (lpString="ConfigManagerErrorCode") returned 22 [0121.037] lstrlenW (lpString="name") returned 4 [0121.037] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ConfigManagerErrorCode", cchCount2=22) returned 3 [0121.037] free (_Block=0x43c940) [0121.037] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.037] malloc (_Size=0x18) returned 0x43c940 [0121.037] lstrlenW (lpString="ConfigManagerUserConfig") returned 23 [0121.037] lstrlenW (lpString="name") returned 4 [0121.038] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ConfigManagerUserConfig", cchCount2=23) returned 3 [0121.038] free (_Block=0x43c940) [0121.038] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.038] malloc (_Size=0x18) returned 0x43c940 [0121.038] lstrlenW (lpString="CreationClassName") returned 17 [0121.038] lstrlenW (lpString="name") returned 4 [0121.038] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CreationClassName", cchCount2=17) returned 3 [0121.038] free (_Block=0x43c940) [0121.038] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.039] malloc (_Size=0x18) returned 0x43c940 [0121.039] lstrlenW (lpString="CurrentBitsPerPixel") returned 19 [0121.039] lstrlenW (lpString="name") returned 4 [0121.039] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentBitsPerPixel", cchCount2=19) returned 3 [0121.039] free (_Block=0x43c940) [0121.039] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.039] malloc (_Size=0x18) returned 0x43c940 [0121.039] lstrlenW (lpString="CurrentHorizontalResolution") returned 27 [0121.040] lstrlenW (lpString="name") returned 4 [0121.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentHorizontalResolution", cchCount2=27) returned 3 [0121.040] free (_Block=0x43c940) [0121.040] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.040] malloc (_Size=0x18) returned 0x43c940 [0121.040] lstrlenW (lpString="CurrentNumberOfColors") returned 21 [0121.040] lstrlenW (lpString="name") returned 4 [0121.040] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentNumberOfColors", cchCount2=21) returned 3 [0121.040] free (_Block=0x43c940) [0121.041] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.041] malloc (_Size=0x18) returned 0x43c940 [0121.041] lstrlenW (lpString="CurrentNumberOfColumns") returned 22 [0121.041] lstrlenW (lpString="name") returned 4 [0121.041] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentNumberOfColumns", cchCount2=22) returned 3 [0121.041] free (_Block=0x43c940) [0121.041] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.041] malloc (_Size=0x18) returned 0x43c940 [0121.042] lstrlenW (lpString="CurrentNumberOfRows") returned 19 [0121.042] lstrlenW (lpString="name") returned 4 [0121.042] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentNumberOfRows", cchCount2=19) returned 3 [0121.042] free (_Block=0x43c940) [0121.042] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.042] malloc (_Size=0x18) returned 0x43c940 [0121.042] lstrlenW (lpString="CurrentRefreshRate") returned 18 [0121.042] lstrlenW (lpString="name") returned 4 [0121.042] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentRefreshRate", cchCount2=18) returned 3 [0121.043] free (_Block=0x43c940) [0121.043] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.043] malloc (_Size=0x18) returned 0x43c940 [0121.043] lstrlenW (lpString="CurrentScanMode") returned 15 [0121.043] lstrlenW (lpString="name") returned 4 [0121.043] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentScanMode", cchCount2=15) returned 3 [0121.043] free (_Block=0x43c940) [0121.043] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.043] malloc (_Size=0x18) returned 0x43c940 [0121.044] lstrlenW (lpString="CurrentVerticalResolution") returned 25 [0121.044] lstrlenW (lpString="name") returned 4 [0121.044] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="CurrentVerticalResolution", cchCount2=25) returned 3 [0121.044] free (_Block=0x43c940) [0121.044] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.044] malloc (_Size=0x18) returned 0x43c940 [0121.044] lstrlenW (lpString="Description") returned 11 [0121.044] lstrlenW (lpString="name") returned 4 [0121.044] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Description", cchCount2=11) returned 3 [0121.045] free (_Block=0x43c940) [0121.045] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.045] malloc (_Size=0x18) returned 0x43c940 [0121.045] lstrlenW (lpString="DeviceID") returned 8 [0121.045] lstrlenW (lpString="name") returned 4 [0121.045] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DeviceID", cchCount2=8) returned 3 [0121.045] free (_Block=0x43c940) [0121.045] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.045] malloc (_Size=0x18) returned 0x43c940 [0121.046] lstrlenW (lpString="DeviceSpecificPens") returned 18 [0121.046] lstrlenW (lpString="name") returned 4 [0121.046] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DeviceSpecificPens", cchCount2=18) returned 3 [0121.046] free (_Block=0x43c940) [0121.046] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.046] malloc (_Size=0x18) returned 0x43c940 [0121.046] lstrlenW (lpString="DitherType") returned 10 [0121.046] lstrlenW (lpString="name") returned 4 [0121.046] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DitherType", cchCount2=10) returned 3 [0121.047] free (_Block=0x43c940) [0121.047] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.047] malloc (_Size=0x18) returned 0x43c940 [0121.047] lstrlenW (lpString="DriverDate") returned 10 [0121.047] lstrlenW (lpString="name") returned 4 [0121.047] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DriverDate", cchCount2=10) returned 3 [0121.047] free (_Block=0x43c940) [0121.047] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.047] malloc (_Size=0x18) returned 0x43c940 [0121.048] lstrlenW (lpString="DriverVersion") returned 13 [0121.048] lstrlenW (lpString="name") returned 4 [0121.048] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="DriverVersion", cchCount2=13) returned 3 [0121.048] free (_Block=0x43c940) [0121.048] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.048] malloc (_Size=0x18) returned 0x43c940 [0121.048] lstrlenW (lpString="ErrorCleared") returned 12 [0121.048] lstrlenW (lpString="name") returned 4 [0121.048] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ErrorCleared", cchCount2=12) returned 3 [0121.049] free (_Block=0x43c940) [0121.049] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.049] malloc (_Size=0x18) returned 0x43c940 [0121.049] lstrlenW (lpString="ErrorDescription") returned 16 [0121.049] lstrlenW (lpString="name") returned 4 [0121.049] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ErrorDescription", cchCount2=16) returned 3 [0121.049] free (_Block=0x43c940) [0121.050] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.050] malloc (_Size=0x18) returned 0x43c940 [0121.050] lstrlenW (lpString="ICMIntent") returned 9 [0121.050] lstrlenW (lpString="name") returned 4 [0121.050] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ICMIntent", cchCount2=9) returned 3 [0121.050] free (_Block=0x43c940) [0121.050] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.050] malloc (_Size=0x18) returned 0x43c940 [0121.050] lstrlenW (lpString="ICMMethod") returned 9 [0121.051] lstrlenW (lpString="name") returned 4 [0121.051] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ICMMethod", cchCount2=9) returned 3 [0121.051] free (_Block=0x43c940) [0121.051] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.051] malloc (_Size=0x18) returned 0x43c940 [0121.051] lstrlenW (lpString="InfFilename") returned 11 [0121.051] lstrlenW (lpString="name") returned 4 [0121.051] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="InfFilename", cchCount2=11) returned 3 [0121.051] free (_Block=0x43c940) [0121.052] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.052] malloc (_Size=0x18) returned 0x43c940 [0121.052] lstrlenW (lpString="InfSection") returned 10 [0121.052] lstrlenW (lpString="name") returned 4 [0121.052] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="InfSection", cchCount2=10) returned 3 [0121.052] free (_Block=0x43c940) [0121.052] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.052] malloc (_Size=0x18) returned 0x43c940 [0121.053] lstrlenW (lpString="InstallDate") returned 11 [0121.053] lstrlenW (lpString="name") returned 4 [0121.053] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="InstallDate", cchCount2=11) returned 3 [0121.053] free (_Block=0x43c940) [0121.053] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.053] malloc (_Size=0x18) returned 0x43c940 [0121.053] lstrlenW (lpString="InstalledDisplayDrivers") returned 23 [0121.053] lstrlenW (lpString="name") returned 4 [0121.053] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="InstalledDisplayDrivers", cchCount2=23) returned 3 [0121.054] free (_Block=0x43c940) [0121.054] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.054] malloc (_Size=0x18) returned 0x43c940 [0121.054] lstrlenW (lpString="LastErrorCode") returned 13 [0121.054] lstrlenW (lpString="name") returned 4 [0121.054] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="LastErrorCode", cchCount2=13) returned 3 [0121.054] free (_Block=0x43c940) [0121.054] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.054] malloc (_Size=0x18) returned 0x43c940 [0121.055] lstrlenW (lpString="MaxMemorySupported") returned 18 [0121.055] lstrlenW (lpString="name") returned 4 [0121.055] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="MaxMemorySupported", cchCount2=18) returned 3 [0121.055] free (_Block=0x43c940) [0121.055] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.055] malloc (_Size=0x18) returned 0x43c940 [0121.055] lstrlenW (lpString="MaxNumberControlled") returned 19 [0121.055] lstrlenW (lpString="name") returned 4 [0121.055] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="MaxNumberControlled", cchCount2=19) returned 3 [0121.056] free (_Block=0x43c940) [0121.056] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.056] malloc (_Size=0x18) returned 0x43c940 [0121.056] lstrlenW (lpString="MaxRefreshRate") returned 14 [0121.056] lstrlenW (lpString="name") returned 4 [0121.056] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="MaxRefreshRate", cchCount2=14) returned 3 [0121.056] free (_Block=0x43c940) [0121.057] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.057] malloc (_Size=0x18) returned 0x43c940 [0121.057] lstrlenW (lpString="MinRefreshRate") returned 14 [0121.057] lstrlenW (lpString="name") returned 4 [0121.057] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="MinRefreshRate", cchCount2=14) returned 3 [0121.058] free (_Block=0x43c940) [0121.058] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.058] malloc (_Size=0x18) returned 0x43c940 [0121.058] lstrlenW (lpString="Monochrome") returned 10 [0121.058] lstrlenW (lpString="name") returned 4 [0121.058] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Monochrome", cchCount2=10) returned 3 [0121.058] free (_Block=0x43c940) [0121.058] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.058] malloc (_Size=0x18) returned 0x43c940 [0121.059] lstrlenW (lpString="Name") returned 4 [0121.059] lstrlenW (lpString="name") returned 4 [0121.059] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Name", cchCount2=4) returned 2 [0121.059] free (_Block=0x43c940) [0121.059] malloc (_Size=0x48) returned 0x43cd00 [0121.060] IWbemClassObject:GetPropertyQualifierSet (in: This=0x24d290, wszProperty="Name", ppQualSet=0x16ce88 | out: ppQualSet=0x16ce88*=0x1fdf40) returned 0x0 [0121.060] malloc (_Size=0x18) returned 0x43c940 [0121.060] IWbemQualifierSet:Get (in: This=0x1fdf40, wszName="CIMTYPE", lFlags=0, pVal=0x16cf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x4), plFlavor=0x0 | out: pVal=0x16cf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="string", varVal2=0x4), plFlavor=0x0) returned 0x0 [0121.061] free (_Block=0x43c940) [0121.061] malloc (_Size=0x18) returned 0x43c940 [0121.061] IWbemClassObject:Get (in: This=0x24d290, wszName="Name", lFlags=0, pVal=0x16cfb8*(varType=0x0, wReserved1=0x43, wReserved2=0x0, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x0), pType=0x16ce98*=-102194876, plFlavor=0x0 | out: pVal=0x16cfb8*(varType=0x1, wReserved1=0x43, wReserved2=0x0, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x0), pType=0x16ce98*=8, plFlavor=0x0) returned 0x0 [0121.061] malloc (_Size=0x18) returned 0x43c980 [0121.061] IWbemQualifierSet:Get (in: This=0x1fdf40, wszName="read", lFlags=0, pVal=0x16cea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), plFlavor=0x0 | out: pVal=0x16cea0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), plFlavor=0x0) returned 0x0 [0121.062] free (_Block=0x43c980) [0121.062] malloc (_Size=0x18) returned 0x43c980 [0121.062] malloc (_Size=0x18) returned 0x43c9a0 [0121.062] IWbemQualifierSet:Get (in: This=0x1fdf40, wszName="write", lFlags=0, pVal=0x16cea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), plFlavor=0x0 | out: pVal=0x16cea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), plFlavor=0x0) returned 0x80041002 [0121.062] free (_Block=0x43c9a0) [0121.063] malloc (_Size=0x18) returned 0x43c9a0 [0121.063] IWbemQualifierSet:Get (in: This=0x1fdf40, wszName="Description", lFlags=0, pVal=0x16cf50*(varType=0x0, wReserved1=0x16, wReserved2=0x0, wReserved3=0x0, varVal1=0xffc44293, varVal2=0x16d0b0), plFlavor=0x0 | out: pVal=0x16cf50*(varType=0x8, wReserved1=0x16, wReserved2=0x0, wReserved3=0x0, varVal1="The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property.", varVal2=0x16d0b0), plFlavor=0x0) returned 0x0 [0121.063] free (_Block=0x43c9a0) [0121.063] malloc (_Size=0x18) returned 0x43c9a0 [0121.063] IUnknown:Release (This=0x1fdf40) returned 0x0 [0121.063] malloc (_Size=0x18) returned 0x43c9c0 [0121.063] malloc (_Size=0x48) returned 0x43cd50 [0121.064] malloc (_Size=0x18) returned 0x43c9e0 [0121.064] malloc (_Size=0x48) returned 0x43cda0 [0121.064] malloc (_Size=0x70) returned 0x43cdf0 [0121.064] malloc (_Size=0x48) returned 0x43ce70 [0121.064] free (_Block=0x43cda0) [0121.065] free (_Block=0x43cd50) [0121.065] free (_Block=0x43cd00) [0121.065] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.065] malloc (_Size=0x18) returned 0x43ca00 [0121.065] lstrlenW (lpString="NumberOfColorPlanes") returned 19 [0121.065] lstrlenW (lpString="name") returned 4 [0121.066] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="NumberOfColorPlanes", cchCount2=19) returned 1 [0121.066] free (_Block=0x43ca00) [0121.066] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.066] malloc (_Size=0x18) returned 0x43ca00 [0121.066] lstrlenW (lpString="NumberOfVideoPages") returned 18 [0121.066] lstrlenW (lpString="name") returned 4 [0121.066] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="NumberOfVideoPages", cchCount2=18) returned 1 [0121.066] free (_Block=0x43ca00) [0121.067] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.067] malloc (_Size=0x18) returned 0x43ca00 [0121.067] lstrlenW (lpString="PNPDeviceID") returned 11 [0121.067] lstrlenW (lpString="name") returned 4 [0121.067] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PNPDeviceID", cchCount2=11) returned 1 [0121.067] free (_Block=0x43ca00) [0121.067] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.067] malloc (_Size=0x18) returned 0x43ca00 [0121.068] lstrlenW (lpString="PowerManagementCapabilities") returned 27 [0121.068] lstrlenW (lpString="name") returned 4 [0121.068] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PowerManagementCapabilities", cchCount2=27) returned 1 [0121.068] free (_Block=0x43ca00) [0121.068] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.068] malloc (_Size=0x18) returned 0x43ca00 [0121.068] lstrlenW (lpString="PowerManagementSupported") returned 24 [0121.068] lstrlenW (lpString="name") returned 4 [0121.068] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="PowerManagementSupported", cchCount2=24) returned 1 [0121.069] free (_Block=0x43ca00) [0121.069] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.069] malloc (_Size=0x18) returned 0x43ca00 [0121.069] lstrlenW (lpString="ProtocolSupported") returned 17 [0121.069] lstrlenW (lpString="name") returned 4 [0121.069] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ProtocolSupported", cchCount2=17) returned 1 [0121.069] free (_Block=0x43ca00) [0121.069] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.069] malloc (_Size=0x18) returned 0x43ca00 [0121.070] lstrlenW (lpString="ReservedSystemPaletteEntries") returned 28 [0121.070] lstrlenW (lpString="name") returned 4 [0121.070] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="ReservedSystemPaletteEntries", cchCount2=28) returned 1 [0121.070] free (_Block=0x43ca00) [0121.070] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.070] malloc (_Size=0x18) returned 0x43ca00 [0121.070] lstrlenW (lpString="SpecificationVersion") returned 20 [0121.070] lstrlenW (lpString="name") returned 4 [0121.070] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SpecificationVersion", cchCount2=20) returned 1 [0121.071] free (_Block=0x43ca00) [0121.071] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.071] malloc (_Size=0x18) returned 0x43ca00 [0121.071] lstrlenW (lpString="Status") returned 6 [0121.071] lstrlenW (lpString="name") returned 4 [0121.071] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="Status", cchCount2=6) returned 1 [0121.071] free (_Block=0x43ca00) [0121.071] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.072] malloc (_Size=0x18) returned 0x43ca00 [0121.072] lstrlenW (lpString="StatusInfo") returned 10 [0121.072] lstrlenW (lpString="name") returned 4 [0121.072] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="StatusInfo", cchCount2=10) returned 1 [0121.075] free (_Block=0x43ca00) [0121.075] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.075] malloc (_Size=0x18) returned 0x43ca00 [0121.075] lstrlenW (lpString="SystemCreationClassName") returned 23 [0121.075] lstrlenW (lpString="name") returned 4 [0121.075] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SystemCreationClassName", cchCount2=23) returned 1 [0121.076] free (_Block=0x43ca00) [0121.076] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.076] malloc (_Size=0x18) returned 0x43ca00 [0121.076] lstrlenW (lpString="SystemName") returned 10 [0121.076] lstrlenW (lpString="name") returned 4 [0121.076] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SystemName", cchCount2=10) returned 1 [0121.076] free (_Block=0x43ca00) [0121.076] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.077] malloc (_Size=0x18) returned 0x43ca00 [0121.077] lstrlenW (lpString="SystemPaletteEntries") returned 20 [0121.077] lstrlenW (lpString="name") returned 4 [0121.077] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="SystemPaletteEntries", cchCount2=20) returned 1 [0121.077] free (_Block=0x43ca00) [0121.077] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.077] malloc (_Size=0x18) returned 0x43ca00 [0121.077] lstrlenW (lpString="TimeOfLastReset") returned 15 [0121.077] lstrlenW (lpString="name") returned 4 [0121.077] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="TimeOfLastReset", cchCount2=15) returned 1 [0121.078] free (_Block=0x43ca00) [0121.078] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.078] malloc (_Size=0x18) returned 0x43ca00 [0121.078] lstrlenW (lpString="VideoArchitecture") returned 17 [0121.078] lstrlenW (lpString="name") returned 4 [0121.078] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VideoArchitecture", cchCount2=17) returned 1 [0121.078] free (_Block=0x43ca00) [0121.078] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.079] malloc (_Size=0x18) returned 0x43ca00 [0121.079] lstrlenW (lpString="VideoMemoryType") returned 15 [0121.079] lstrlenW (lpString="name") returned 4 [0121.079] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VideoMemoryType", cchCount2=15) returned 1 [0121.079] free (_Block=0x43ca00) [0121.079] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.079] malloc (_Size=0x18) returned 0x43ca00 [0121.079] lstrlenW (lpString="VideoMode") returned 9 [0121.079] lstrlenW (lpString="name") returned 4 [0121.079] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VideoMode", cchCount2=9) returned 1 [0121.080] free (_Block=0x43ca00) [0121.080] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.080] malloc (_Size=0x18) returned 0x43ca00 [0121.080] lstrlenW (lpString="VideoModeDescription") returned 20 [0121.080] lstrlenW (lpString="name") returned 4 [0121.080] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VideoModeDescription", cchCount2=20) returned 1 [0121.080] free (_Block=0x43ca00) [0121.081] SafeArrayGetElement (in: psa=0x218230, rgIndices=0x16d038, pv=0x16d030 | out: pv=0x16d030) returned 0x0 [0121.081] malloc (_Size=0x18) returned 0x43ca00 [0121.081] lstrlenW (lpString="VideoProcessor") returned 14 [0121.081] lstrlenW (lpString="name") returned 4 [0121.081] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="name", cchCount1=4, lpString2="VideoProcessor", cchCount2=14) returned 1 [0121.081] free (_Block=0x43ca00) [0121.081] IUnknown:Release (This=0x24d290) returned 0x0 [0121.081] free (_Block=0x43cce0) [0121.082] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.082] malloc (_Size=0x70) returned 0x43cce0 [0121.082] malloc (_Size=0x70) returned 0x43cd60 [0121.082] malloc (_Size=0x48) returned 0x43cec0 [0121.082] malloc (_Size=0x8) returned 0x43cf10 [0121.082] lstrlenW (lpString="name") returned 4 [0121.082] lstrlenW (lpString="Name") returned 4 [0121.082] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="name", cchCount2=4) returned 2 [0121.082] SysStringLen (param_1="Name") returned 0x4 [0121.082] malloc (_Size=0xa) returned 0x43ca00 [0121.082] SysStringLen (param_1="Name") returned 0x4 [0121.082] malloc (_Size=0x8) returned 0x43cf30 [0121.083] free (_Block=0x43c900) [0121.083] lstrlenW (lpString="Name") returned 4 [0121.083] malloc (_Size=0xa) returned 0x43c900 [0121.083] lstrlenW (lpString="Name") returned 4 [0121.083] free (_Block=0x43ca00) [0121.083] free (_Block=0x43cf30) [0121.083] free (_Block=0x43cf10) [0121.084] free (_Block=0x43cec0) [0121.084] free (_Block=0x43cd60) [0121.084] free (_Block=0x43cce0) [0121.084] lstrlenW (lpString="SET") returned 3 [0121.084] lstrlenW (lpString="get") returned 3 [0121.084] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1 [0121.084] lstrlenW (lpString="CREATE") returned 6 [0121.084] lstrlenW (lpString="get") returned 3 [0121.085] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="CREATE", cchCount2=6) returned 3 [0121.085] free (_Block=0x43cc90) [0121.085] malloc (_Size=0x8) returned 0x43cc90 [0121.085] lstrlenW (lpString="GET") returned 3 [0121.085] lstrlenW (lpString="get") returned 3 [0121.085] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0121.085] free (_Block=0x43c8e0) [0121.085] malloc (_Size=0x18) returned 0x43c8e0 [0121.086] free (_Block=0x43c8c0) [0121.086] malloc (_Size=0x18) returned 0x43c8c0 [0121.086] ??0CHString@@QEAA@XZ () returned 0x16f548 [0121.086] malloc (_Size=0x18) returned 0x43ca00 [0121.086] malloc (_Size=0x20) returned 0x43cce0 [0121.086] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x1e, _Source=0x234cb8, _SourceSize=0x14 | out: _Destination=0x43cce0) returned 0x0 [0121.086] lstrlenW (lpString="&") returned 1 [0121.086] lstrlenW (lpString="&") returned 5 [0121.087] lstrlenW (lpString="<") returned 1 [0121.087] lstrlenW (lpString="<") returned 4 [0121.087] lstrlenW (lpString=">") returned 1 [0121.087] lstrlenW (lpString=">") returned 4 [0121.087] lstrlenW (lpString="'") returned 1 [0121.087] lstrlenW (lpString="'") returned 6 [0121.087] lstrlenW (lpString="\"") returned 1 [0121.087] lstrlenW (lpString=""") returned 6 [0121.087] malloc (_Size=0x18) returned 0x43ca20 [0121.087] free (_Block=0x43ca00) [0121.088] free (_Block=0x43cce0) [0121.088] ?Format@CHString@@QEAAXPEBGZZ () returned 0x43cecc [0121.089] malloc (_Size=0x18) returned 0x43ca00 [0121.089] malloc (_Size=0x18) returned 0x43ca40 [0121.089] SysStringLen (param_1="") returned 0x0 [0121.089] SysStringLen (param_1="") returned 0x1b [0121.089] memcpy (in: _Dst=0x216188, _Src=0x20f688, _Size=0x2 | out: _Dst=0x216188) returned 0x216188 [0121.089] memcpy (in: _Dst=0x216188, _Src=0x216138, _Size=0x38 | out: _Dst=0x216188) returned 0x216188 [0121.089] free (_Block=0x43c8c0) [0121.089] free (_Block=0x43ca00) [0121.089] free (_Block=0x43ca20) [0121.089] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0121.090] WbemLocator:IUnknown:AddRef (This=0x1bcb90) returned 0x3 [0121.090] free (_Block=0x437fb0) [0121.090] lstrlenW (lpString="") returned 0 [0121.090] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0121.090] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0121.090] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0121.090] malloc (_Size=0x16) returned 0x43ca20 [0121.090] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0121.090] GetCurrentThreadId () returned 0xe10 [0121.090] GetCurrentProcess () returned 0xffffffffffffffff [0121.090] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16f3c0 | out: TokenHandle=0x16f3c0*=0x270) returned 1 [0121.091] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16f3b8 | out: TokenInformation=0x0, ReturnLength=0x16f3b8) returned 0 [0121.091] malloc (_Size=0x118) returned 0x43cec0 [0121.091] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x3, TokenInformation=0x43cec0, TokenInformationLength=0x118, ReturnLength=0x16f3b8 | out: TokenInformation=0x43cec0, ReturnLength=0x16f3b8) returned 1 [0121.091] AdjustTokenPrivileges (in: TokenHandle=0x270, DisableAllPrivileges=0, NewState=0x43cec0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-1944186165, Attributes=0x19b7), (Luid.LowPart=0x0, Luid.HighPart=4443360, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0121.091] free (_Block=0x43cec0) [0121.092] CloseHandle (hObject=0x270) returned 1 [0121.092] lstrlenW (lpString="GET") returned 3 [0121.092] lstrlenW (lpString="get") returned 3 [0121.092] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0121.092] malloc (_Size=0x18) returned 0x43ca00 [0121.092] lstrlenA (lpString="") returned 0 [0121.092] malloc (_Size=0x2) returned 0x437fb0 [0121.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x437fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0121.092] free (_Block=0x437fb0) [0121.093] malloc (_Size=0x18) returned 0x43c8c0 [0121.093] lstrlenA (lpString="") returned 0 [0121.093] malloc (_Size=0x2) returned 0x437fb0 [0121.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x437fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0121.093] free (_Block=0x437fb0) [0121.093] malloc (_Size=0x18) returned 0x43ca60 [0121.093] lstrlenA (lpString="") returned 0 [0121.093] malloc (_Size=0x2) returned 0x437fb0 [0121.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x437fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0121.093] free (_Block=0x437fb0) [0121.093] malloc (_Size=0x18) returned 0x43ca80 [0121.094] lstrlenA (lpString="") returned 0 [0121.094] malloc (_Size=0x2) returned 0x437fb0 [0121.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x437fb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0121.094] free (_Block=0x437fb0) [0121.094] malloc (_Size=0x18) returned 0x43caa0 [0121.094] malloc (_Size=0x18) returned 0x43cac0 [0121.094] SysStringLen (param_1="") returned 0x0 [0121.094] SysStringLen (param_1="Name") returned 0x4 [0121.094] memcpy (in: _Dst=0x241df8, _Src=0x234cb8, _Size=0x2 | out: _Dst=0x241df8) returned 0x241df8 [0121.095] memcpy (in: _Dst=0x241df8, _Src=0x241dc8, _Size=0xa | out: _Dst=0x241df8) returned 0x241df8 [0121.095] free (_Block=0x43ca00) [0121.095] free (_Block=0x43caa0) [0121.095] lstrlenW (lpString="__CLASS") returned 7 [0121.095] lstrlenW (lpString="Name") returned 4 [0121.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__CLASS", cchCount2=7) returned 3 [0121.095] lstrlenW (lpString="__DERIVATION") returned 12 [0121.095] lstrlenW (lpString="Name") returned 4 [0121.095] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__DERIVATION", cchCount2=12) returned 3 [0121.095] lstrlenW (lpString="__DYNASTY") returned 9 [0121.096] lstrlenW (lpString="Name") returned 4 [0121.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__DYNASTY", cchCount2=9) returned 3 [0121.096] lstrlenW (lpString="__GENUS") returned 7 [0121.096] lstrlenW (lpString="Name") returned 4 [0121.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__GENUS", cchCount2=7) returned 3 [0121.096] lstrlenW (lpString="__NAMESPACE") returned 11 [0121.096] lstrlenW (lpString="Name") returned 4 [0121.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__NAMESPACE", cchCount2=11) returned 3 [0121.096] lstrlenW (lpString="__PATH") returned 6 [0121.096] lstrlenW (lpString="Name") returned 4 [0121.096] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__PATH", cchCount2=6) returned 3 [0121.096] lstrlenW (lpString="__PROPERTYCOUNT") returned 15 [0121.097] lstrlenW (lpString="Name") returned 4 [0121.097] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3 [0121.097] lstrlenW (lpString="__RELPATH") returned 9 [0121.097] lstrlenW (lpString="Name") returned 4 [0121.097] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__RELPATH", cchCount2=9) returned 3 [0121.097] lstrlenW (lpString="__SERVER") returned 8 [0121.097] lstrlenW (lpString="Name") returned 4 [0121.097] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__SERVER", cchCount2=8) returned 3 [0121.097] lstrlenW (lpString="__SUPERCLASS") returned 12 [0121.097] lstrlenW (lpString="Name") returned 4 [0121.097] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Name", cchCount1=4, lpString2="__SUPERCLASS", cchCount2=12) returned 3 [0121.097] malloc (_Size=0x18) returned 0x43caa0 [0121.097] malloc (_Size=0x18) returned 0x43ca00 [0121.098] lstrlenA (lpString=" FROM ") returned 6 [0121.098] malloc (_Size=0xe) returned 0x43cae0 [0121.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=" FROM ", cbMultiByte=-1, lpWideCharStr=0x43cae0, cchWideChar=7 | out: lpWideCharStr=" FROM ") returned 7 [0121.098] free (_Block=0x43cae0) [0121.098] malloc (_Size=0x18) returned 0x43cae0 [0121.098] malloc (_Size=0x18) returned 0x43cb00 [0121.098] SysStringLen (param_1="SELECT ") returned 0x7 [0121.098] SysStringLen (param_1="Name") returned 0x4 [0121.098] memcpy (in: _Dst=0x242098, _Src=0x241dc8, _Size=0x10 | out: _Dst=0x242098) returned 0x242098 [0121.098] memcpy (in: _Dst=0x2420a6, _Src=0x241df8, _Size=0xa | out: _Dst=0x2420a6) returned 0x2420a6 [0121.099] malloc (_Size=0x18) returned 0x43cb20 [0121.099] SysStringLen (param_1="SELECT Name") returned 0xb [0121.099] SysStringLen (param_1=" FROM ") returned 0x6 [0121.099] memcpy (in: _Dst=0x216228, _Src=0x242098, _Size=0x18 | out: _Dst=0x216228) returned 0x216228 [0121.099] memcpy (in: _Dst=0x21623e, _Src=0x234cb8, _Size=0xe | out: _Dst=0x21623e) returned 0x21623e [0121.099] malloc (_Size=0x18) returned 0x43cef0 [0121.099] SysStringLen (param_1="SELECT Name FROM ") returned 0x11 [0121.099] SysStringLen (param_1="win32_VideoController") returned 0x15 [0121.099] memcpy (in: _Dst=0x1f6dd8, _Src=0x216228, _Size=0x24 | out: _Dst=0x1f6dd8) returned 0x1f6dd8 [0121.100] memcpy (in: _Dst=0x1f6dfa, _Src=0x216138, _Size=0x2c | out: _Dst=0x1f6dfa) returned 0x1f6dfa [0121.100] free (_Block=0x43ca60) [0121.100] free (_Block=0x43cb20) [0121.100] free (_Block=0x43cb00) [0121.100] free (_Block=0x43cae0) [0121.100] free (_Block=0x43ca00) [0121.100] free (_Block=0x43caa0) [0121.101] ??0CHString@@QEAA@XZ () returned 0x16b270 [0121.101] GetCurrentThreadId () returned 0xe10 [0121.101] CoCreateInstance (in: rclsid=0xffc373d0*(Data1=0x8d1c559d, Data2=0x84f0, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xd5, [2]=0x56, [3]=0xa7, [4]=0x43, [5]=0x5a, [6]=0x9b, [7]=0xa6)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffc373e0*(Data1=0xbfbf883a, Data2=0xcad7, Data3=0x11d3, Data4=([0]=0xa1, [1]=0x1b, [2]=0x0, [3]=0x10, [4]=0x5a, [5]=0x1f, [6]=0x51, [7]=0x5a)), ppv=0xffca29c0 | out: ppv=0xffca29c0*=0x2395d0) returned 0x0 [0121.105] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.105] ??0CHString@@QEAA@XZ () returned 0x16b270 [0121.105] GetCurrentThreadId () returned 0xe10 [0121.106] malloc (_Size=0x18) returned 0x43caa0 [0121.106] malloc (_Size=0x18) returned 0x43ca00 [0121.106] malloc (_Size=0x18) returned 0x43cae0 [0121.106] malloc (_Size=0x18) returned 0x43cb00 [0121.106] malloc (_Size=0x18) returned 0x43cb20 [0121.106] SysStringLen (param_1="\\\\") returned 0x2 [0121.106] SysStringLen (param_1="Q9IATRKPRH") returned 0xa [0121.107] memcpy (in: _Dst=0x216228, _Src=0x234cb8, _Size=0x6 | out: _Dst=0x216228) returned 0x216228 [0121.107] memcpy (in: _Dst=0x21622c, _Src=0x241dc8, _Size=0x16 | out: _Dst=0x21622c) returned 0x21622c [0121.107] malloc (_Size=0x18) returned 0x43ca60 [0121.107] SysStringLen (param_1="\\\\Q9IATRKPRH") returned 0xc [0121.107] SysStringLen (param_1="\\") returned 0x1 [0121.107] memcpy (in: _Dst=0x216138, _Src=0x216228, _Size=0x1a | out: _Dst=0x216138) returned 0x216138 [0121.107] memcpy (in: _Dst=0x216150, _Src=0x242098, _Size=0x4 | out: _Dst=0x216150) returned 0x216150 [0121.107] malloc (_Size=0x18) returned 0x43cf10 [0121.107] SysStringLen (param_1="\\\\Q9IATRKPRH\\") returned 0xd [0121.107] SysStringLen (param_1="root\\cimv2") returned 0xa [0121.108] memcpy (in: _Dst=0x216278, _Src=0x216138, _Size=0x1c | out: _Dst=0x216278) returned 0x216278 [0121.108] memcpy (in: _Dst=0x216292, _Src=0x234c88, _Size=0x16 | out: _Dst=0x216292) returned 0x216292 [0121.108] free (_Block=0x43ca60) [0121.108] free (_Block=0x43cb20) [0121.108] free (_Block=0x43cb00) [0121.108] free (_Block=0x43cae0) [0121.108] free (_Block=0x43ca00) [0121.109] free (_Block=0x43caa0) [0121.109] malloc (_Size=0x18) returned 0x43caa0 [0121.109] malloc (_Size=0x18) returned 0x43ca00 [0121.109] malloc (_Size=0x18) returned 0x43cae0 [0121.109] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1bcb90, strNetworkResource="\\\\Q9IATRKPRH\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffca29d0 | out: ppNamespace=0xffca29d0*=0x2265e0) returned 0x0 [0121.123] free (_Block=0x43cae0) [0121.123] free (_Block=0x43ca00) [0121.123] free (_Block=0x43caa0) [0121.123] CoSetProxyBlanket (pProxy=0x2265e0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0121.124] free (_Block=0x43cf10) [0121.124] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.124] ??0CHString@@QEAA@XZ () returned 0x16b180 [0121.124] GetCurrentThreadId () returned 0xe10 [0121.124] free (_Block=0x43ca80) [0121.125] malloc (_Size=0x18) returned 0x43ca80 [0121.125] ??0CHString@@QEAA@XZ () returned 0x16b130 [0121.125] GetCurrentThreadId () returned 0xe10 [0121.125] CoCreateInstanceEx (in: Clsid=0xffc373b0*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), punkOuter=0x0, dwClsCtx=0x1, pServerInfo=0x0, dwCount=0x1, pResults=0x16b0e0 | out: pResults=((pIID=0xffc37380*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pItf=0x238520, hr=0x0))) returned 0x0 [0121.129] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.129] malloc (_Size=0x18) returned 0x43caa0 [0121.129] IWbemServices:ExecQuery (in: This=0x2265e0, strQueryLanguage="WQL", strQuery="SELECT Name FROM win32_VideoController", lFlags=48, pCtx=0x0, ppEnum=0x16b190 | out: ppEnum=0x16b190*=0x242d60) returned 0x0 [0121.141] free (_Block=0x43caa0) [0121.141] malloc (_Size=0x18) returned 0x43caa0 [0121.141] WbemContext:IWbemContext:SetValue (This=0x238520, wszName="ExcludeSystemProperties", lFlags=0, pValue=0x16b1f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0)) returned 0x0 [0121.141] free (_Block=0x43caa0) [0121.142] CoSetProxyBlanket (pProxy=0x242d60, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0121.150] IEnumWbemClassObject:Next (in: This=0x242d60, lTimeout=-1, uCount=0x1, apObjects=0x16b198, puReturned=0x16b1b0 | out: apObjects=0x16b198*=0x2443e0, puReturned=0x16b1b0*=0x1) returned 0x0 [0121.168] WbemObjectTextSrc:IWbemObjectTextSrc:GetText (in: This=0x2395d0, lFlags=0, pObj=0x2443e0, uObjTextFormat=0x1, pCtx=0x238520, strText=0x16b1a0 | out: strText=0x16b1a0*="Radeon (TM) RX 470 Graphics") returned 0x0 [0121.190] malloc (_Size=0x18) returned 0x43caa0 [0121.190] malloc (_Size=0x18) returned 0x43ca00 [0121.190] SysStringLen (param_1="") returned 0x5 [0121.190] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0x90 [0121.191] memcpy (in: _Dst=0x244a88, _Src=0x234cb8, _Size=0xc | out: _Dst=0x244a88) returned 0x244a88 [0121.191] memcpy (in: _Dst=0x244a92, _Src=0x244948, _Size=0x122 | out: _Dst=0x244a92) returned 0x244a92 [0121.191] free (_Block=0x43ca80) [0121.191] free (_Block=0x43caa0) [0121.191] IUnknown:Release (This=0x2443e0) returned 0x0 [0121.191] IEnumWbemClassObject:Next (in: This=0x242d60, lTimeout=-1, uCount=0x1, apObjects=0x16b198, puReturned=0x16b1b0 | out: apObjects=0x16b198*=0x0, puReturned=0x16b1b0*=0x0) returned 0x1 [0121.193] malloc (_Size=0x18) returned 0x43caa0 [0121.194] malloc (_Size=0x18) returned 0x43ca80 [0121.194] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0x95 [0121.194] SysStringLen (param_1="") returned 0x6 [0121.194] memcpy (in: _Dst=0x2443e8, _Src=0x244a88, _Size=0x12c | out: _Dst=0x2443e8) returned 0x2443e8 [0121.194] memcpy (in: _Dst=0x244512, _Src=0x241d68, _Size=0xe | out: _Dst=0x244512) returned 0x244512 [0121.194] free (_Block=0x43ca00) [0121.194] free (_Block=0x43caa0) [0121.195] free (_Block=0x43ca80) [0121.195] malloc (_Size=0x18) returned 0x43ca80 [0121.195] IUnknown:Release (This=0x242d60) returned 0x0 [0121.198] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.198] free (_Block=0x43ca80) [0121.198] free (_Block=0x43cef0) [0121.199] free (_Block=0x43c8c0) [0121.199] free (_Block=0x43cac0) [0121.199] malloc (_Size=0x18) returned 0x43cac0 [0121.199] malloc (_Size=0x18) returned 0x43c8c0 [0121.199] SysStringLen (param_1="") returned 0x1b [0121.199] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0x9b [0121.199] memcpy (in: _Dst=0x2435f8, _Src=0x216188, _Size=0x38 | out: _Dst=0x2435f8) returned 0x2435f8 [0121.199] memcpy (in: _Dst=0x24362e, _Src=0x2443e8, _Size=0x138 | out: _Dst=0x24362e) returned 0x24362e [0121.200] free (_Block=0x43ca40) [0121.200] free (_Block=0x43cac0) [0121.200] malloc (_Size=0x18) returned 0x43cac0 [0121.200] malloc (_Size=0x18) returned 0x43ca40 [0121.200] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0xb6 [0121.200] SysStringLen (param_1="") returned 0xa [0121.200] memcpy (in: _Dst=0x244538, _Src=0x2435f8, _Size=0x16e | out: _Dst=0x244538) returned 0x244538 [0121.200] memcpy (in: _Dst=0x2446a4, _Src=0x241d68, _Size=0x16 | out: _Dst=0x2446a4) returned 0x2446a4 [0121.201] free (_Block=0x43c8c0) [0121.201] free (_Block=0x43cac0) [0121.201] ??0CHString@@QEAA@XZ () returned 0x16f420 [0121.201] malloc (_Size=0x18) returned 0x43cac0 [0121.201] malloc (_Size=0x20) returned 0x43cce0 [0121.201] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x1e, _Source=0x241d68, _SourceSize=0x14 | out: _Destination=0x43cce0) returned 0x0 [0121.201] lstrlenW (lpString="&") returned 1 [0121.201] lstrlenW (lpString="&") returned 5 [0121.201] lstrlenW (lpString="<") returned 1 [0121.201] lstrlenW (lpString="<") returned 4 [0121.202] lstrlenW (lpString=">") returned 1 [0121.202] lstrlenW (lpString=">") returned 4 [0121.202] lstrlenW (lpString="'") returned 1 [0121.202] lstrlenW (lpString="'") returned 6 [0121.202] lstrlenW (lpString="\"") returned 1 [0121.202] lstrlenW (lpString=""") returned 6 [0121.202] malloc (_Size=0x18) returned 0x43c8c0 [0121.202] free (_Block=0x43cac0) [0121.203] free (_Block=0x43cce0) [0121.204] ?Format@CHString@@QEAAXPEBGZZ () returned 0x43d6cc [0121.204] malloc (_Size=0x18) returned 0x43cac0 [0121.204] free (_Block=0x43c8e0) [0121.204] free (_Block=0x43c8c0) [0121.204] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0121.204] ??0CHString@@QEAA@XZ () returned 0x16f418 [0121.204] malloc (_Size=0x18) returned 0x43c8c0 [0121.205] malloc (_Size=0x18) returned 0x43c8e0 [0121.205] malloc (_Size=0x50) returned 0x43cce0 [0121.205] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x4e, _Source=0x1c4898, _SourceSize=0x48 | out: _Destination=0x43cce0) returned 0x0 [0121.205] lstrlenW (lpString="&") returned 1 [0121.205] lstrlenW (lpString="&") returned 5 [0121.205] lstrlenW (lpString="<") returned 1 [0121.205] lstrlenW (lpString="<") returned 4 [0121.205] lstrlenW (lpString=">") returned 1 [0121.205] lstrlenW (lpString=">") returned 4 [0121.205] lstrlenW (lpString="'") returned 1 [0121.205] lstrlenW (lpString="'") returned 6 [0121.205] lstrlenW (lpString="\"") returned 1 [0121.206] lstrlenW (lpString=""") returned 6 [0121.206] malloc (_Size=0x18) returned 0x43ca80 [0121.206] free (_Block=0x43c8e0) [0121.207] free (_Block=0x43cce0) [0121.207] ?Format@CHString@@QEAAXPEBGZZ () returned 0x43d6cc [0121.207] malloc (_Size=0x18) returned 0x43c8e0 [0121.207] malloc (_Size=0x18) returned 0x43caa0 [0121.207] SysStringLen (param_1="") returned 0x9 [0121.207] SysStringLen (param_1=" path win32_VideoController get name") returned 0x3f [0121.207] memcpy (in: _Dst=0x22f6a8, _Src=0x241d68, _Size=0x14 | out: _Dst=0x22f6a8) returned 0x22f6a8 [0121.207] memcpy (in: _Dst=0x22f6ba, _Src=0x230908, _Size=0x80 | out: _Dst=0x22f6ba) returned 0x22f6ba [0121.207] free (_Block=0x43c8c0) [0121.208] free (_Block=0x43c8e0) [0121.208] ??0CHString@@QEAA@XZ () returned 0x16f408 [0121.208] malloc (_Size=0x18) returned 0x43c8e0 [0121.208] ??0CHString@@QEAA@XZ () returned 0x16f398 [0121.208] malloc (_Size=0x18) returned 0x43c8c0 [0121.208] malloc (_Size=0x8) returned 0x437fb0 [0121.208] memmove_s (in: _Destination=0x437fb0, _DestinationSize=0x8, _Source=0x436560, _SourceSize=0x8 | out: _Destination=0x437fb0) returned 0x0 [0121.209] malloc (_Size=0x18) returned 0x43ca00 [0121.209] malloc (_Size=0x20) returned 0x43cce0 [0121.209] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x1e, _Source=0x1f72a8, _SourceSize=0x14 | out: _Destination=0x43cce0) returned 0x0 [0121.209] lstrlenW (lpString="&") returned 1 [0121.209] lstrlenW (lpString="&") returned 5 [0121.209] lstrlenW (lpString="<") returned 1 [0121.209] lstrlenW (lpString="<") returned 4 [0121.209] lstrlenW (lpString=">") returned 1 [0121.209] lstrlenW (lpString=">") returned 4 [0121.209] lstrlenW (lpString="'") returned 1 [0121.209] lstrlenW (lpString="'") returned 6 [0121.209] lstrlenW (lpString="\"") returned 1 [0121.209] lstrlenW (lpString=""") returned 6 [0121.209] malloc (_Size=0x18) returned 0x43cae0 [0121.210] free (_Block=0x43ca00) [0121.210] free (_Block=0x43cce0) [0121.210] ?Format@CHString@@QEAAXPEBGZZ () returned 0x43ccec [0121.211] malloc (_Size=0x18) returned 0x43ca00 [0121.211] malloc (_Size=0x18) returned 0x43cb00 [0121.211] SysStringLen (param_1="") returned 0xa [0121.211] SysStringLen (param_1="Q9IATRKPRH") returned 0x17 [0121.211] memcpy (in: _Dst=0x1c4218, _Src=0x241d68, _Size=0x16 | out: _Dst=0x1c4218) returned 0x1c4218 [0121.211] memcpy (in: _Dst=0x1c422c, _Src=0x2161d8, _Size=0x30 | out: _Dst=0x1c422c) returned 0x1c422c [0121.211] free (_Block=0x43c8c0) [0121.211] free (_Block=0x43ca00) [0121.212] malloc (_Size=0x18) returned 0x43ca00 [0121.212] malloc (_Size=0x18) returned 0x43c8c0 [0121.212] SysStringLen (param_1="Q9IATRKPRH") returned 0x21 [0121.212] SysStringLen (param_1="") returned 0xb [0121.212] memcpy (in: _Dst=0x230908, _Src=0x1c4218, _Size=0x44 | out: _Dst=0x230908) returned 0x230908 [0121.212] memcpy (in: _Dst=0x23094a, _Src=0x1f72a8, _Size=0x18 | out: _Dst=0x23094a) returned 0x23094a [0121.212] free (_Block=0x43cb00) [0121.212] free (_Block=0x43ca00) [0121.213] free (_Block=0x43cae0) [0121.213] free (_Block=0x437fb0) [0121.213] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0121.213] malloc (_Size=0x18) returned 0x43cae0 [0121.213] SysStringLen (param_1="") returned 0x17 [0121.213] SysStringLen (param_1="Q9IATRKPRH") returned 0x2c [0121.213] memcpy (in: _Dst=0x230868, _Src=0x216278, _Size=0x30 | out: _Dst=0x230868) returned 0x230868 [0121.213] memcpy (in: _Dst=0x230896, _Src=0x230908, _Size=0x5a | out: _Dst=0x230896) returned 0x230896 [0121.214] free (_Block=0x43c8e0) [0121.214] lstrlenW (lpString="LIST") returned 4 [0121.214] lstrlenW (lpString="get") returned 3 [0121.214] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1 [0121.214] malloc (_Size=0x18) returned 0x43c8e0 [0121.214] malloc (_Size=0x18) returned 0x43ca00 [0121.214] SysStringLen (param_1="Q9IATRKPRH") returned 0x43 [0121.214] SysStringLen (param_1="") returned 0x18 [0121.214] memcpy (in: _Dst=0x24d8a8, _Src=0x230868, _Size=0x88 | out: _Dst=0x24d8a8) returned 0x24d8a8 [0121.214] memcpy (in: _Dst=0x24d92e, _Src=0x2161d8, _Size=0x32 | out: _Dst=0x24d92e) returned 0x24d92e [0121.215] free (_Block=0x43cae0) [0121.215] free (_Block=0x43c8e0) [0121.215] free (_Block=0x43c8c0) [0121.215] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0121.215] malloc (_Size=0x18) returned 0x43c8c0 [0121.215] SysStringLen (param_1=" path win32_VideoController get name") returned 0x48 [0121.215] SysStringLen (param_1="Q9IATRKPRH") returned 0x5b [0121.215] memcpy (in: _Dst=0x2435f8, _Src=0x22f6a8, _Size=0x92 | out: _Dst=0x2435f8) returned 0x2435f8 [0121.215] memcpy (in: _Dst=0x243688, _Src=0x24d8a8, _Size=0xb8 | out: _Dst=0x243688) returned 0x243688 [0121.216] free (_Block=0x43caa0) [0121.216] ??0CHString@@QEAA@XZ () returned 0x16f370 [0121.216] malloc (_Size=0x18) returned 0x43caa0 [0121.216] malloc (_Size=0x18) returned 0x43c8e0 [0121.216] malloc (_Size=0x18) returned 0x43cae0 [0121.216] malloc (_Size=0x18) returned 0x43cb00 [0121.216] malloc (_Size=0x18) returned 0x43cb20 [0121.217] malloc (_Size=0x18) returned 0x43ca60 [0121.217] malloc (_Size=0x18) returned 0x43cef0 [0121.217] malloc (_Size=0x18) returned 0x43cf10 [0121.217] memcpy_s (in: _Destination=0x16f270, _DestinationSize=0xe, _Source=0x241d38, _SourceSize=0xc | out: _Destination=0x16f270) returned 0x0 [0121.217] lstrlenW (lpString="&") returned 1 [0121.217] lstrlenW (lpString="&") returned 5 [0121.217] lstrlenW (lpString="<") returned 1 [0121.217] lstrlenW (lpString="<") returned 4 [0121.217] lstrlenW (lpString=">") returned 1 [0121.217] lstrlenW (lpString=">") returned 4 [0121.218] lstrlenW (lpString="'") returned 1 [0121.218] lstrlenW (lpString="'") returned 6 [0121.218] lstrlenW (lpString="\"") returned 1 [0121.218] lstrlenW (lpString=""") returned 6 [0121.218] malloc (_Size=0x18) returned 0x43cf30 [0121.218] free (_Block=0x43cf10) [0121.218] malloc (_Size=0x18) returned 0x43cf10 [0121.218] memcpy_s (in: _Destination=0x16f270, _DestinationSize=0xe, _Source=0x241d38, _SourceSize=0xc | out: _Destination=0x16f270) returned 0x0 [0121.218] lstrlenW (lpString="&") returned 1 [0121.219] lstrlenW (lpString="&") returned 5 [0121.219] lstrlenW (lpString="<") returned 1 [0121.219] lstrlenW (lpString="<") returned 4 [0121.219] lstrlenW (lpString=">") returned 1 [0121.219] lstrlenW (lpString=">") returned 4 [0121.219] lstrlenW (lpString="'") returned 1 [0121.219] lstrlenW (lpString="'") returned 6 [0121.219] lstrlenW (lpString="\"") returned 1 [0121.219] lstrlenW (lpString=""") returned 6 [0121.219] malloc (_Size=0x18) returned 0x43cf50 [0121.220] free (_Block=0x43cf10) [0121.220] malloc (_Size=0x18) returned 0x43cf10 [0121.220] memcpy_s (in: _Destination=0x16f270, _DestinationSize=0xe, _Source=0x241d38, _SourceSize=0x6 | out: _Destination=0x16f270) returned 0x0 [0121.220] lstrlenW (lpString="&") returned 1 [0121.220] lstrlenW (lpString="&") returned 5 [0121.220] lstrlenW (lpString="<") returned 1 [0121.220] lstrlenW (lpString="<") returned 4 [0121.220] lstrlenW (lpString=">") returned 1 [0121.220] lstrlenW (lpString=">") returned 4 [0121.220] lstrlenW (lpString="'") returned 1 [0121.220] lstrlenW (lpString="'") returned 6 [0121.220] lstrlenW (lpString="\"") returned 1 [0121.221] lstrlenW (lpString=""") returned 6 [0121.221] malloc (_Size=0x18) returned 0x43cf70 [0121.221] free (_Block=0x43cf10) [0121.221] malloc (_Size=0x18) returned 0x43cf10 [0121.221] memcpy_s (in: _Destination=0x16f270, _DestinationSize=0xe, _Source=0x241d38, _SourceSize=0x6 | out: _Destination=0x16f270) returned 0x0 [0121.221] lstrlenW (lpString="&") returned 1 [0121.221] lstrlenW (lpString="&") returned 5 [0121.221] lstrlenW (lpString="<") returned 1 [0121.221] lstrlenW (lpString="<") returned 4 [0121.222] lstrlenW (lpString=">") returned 1 [0121.222] lstrlenW (lpString=">") returned 4 [0121.222] lstrlenW (lpString="'") returned 1 [0121.222] lstrlenW (lpString="'") returned 6 [0121.222] lstrlenW (lpString="\"") returned 1 [0121.222] lstrlenW (lpString=""") returned 6 [0121.222] malloc (_Size=0x18) returned 0x43cf90 [0121.222] free (_Block=0x43cf10) [0121.222] malloc (_Size=0x18) returned 0x43cf10 [0121.222] malloc (_Size=0x20) returned 0x43cce0 [0121.223] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x1e, _Source=0x241d38, _SourceSize=0x14 | out: _Destination=0x43cce0) returned 0x0 [0121.223] lstrlenW (lpString="&") returned 1 [0121.223] lstrlenW (lpString="&") returned 5 [0121.223] lstrlenW (lpString="<") returned 1 [0121.223] lstrlenW (lpString="<") returned 4 [0121.223] lstrlenW (lpString=">") returned 1 [0121.223] lstrlenW (lpString=">") returned 4 [0121.223] lstrlenW (lpString="'") returned 1 [0121.223] lstrlenW (lpString="'") returned 6 [0121.223] lstrlenW (lpString="\"") returned 1 [0121.223] lstrlenW (lpString=""") returned 6 [0121.223] malloc (_Size=0x18) returned 0x43cfb0 [0121.224] free (_Block=0x43cf10) [0121.224] free (_Block=0x43cce0) [0121.224] malloc (_Size=0x18) returned 0x43cf10 [0121.224] malloc (_Size=0x20) returned 0x43cce0 [0121.224] memcpy_s (in: _Destination=0x43cce0, _DestinationSize=0x1e, _Source=0x241d38, _SourceSize=0x10 | out: _Destination=0x43cce0) returned 0x0 [0121.224] lstrlenW (lpString="&") returned 1 [0121.225] lstrlenW (lpString="&") returned 5 [0121.225] lstrlenW (lpString="<") returned 1 [0121.225] lstrlenW (lpString="<") returned 4 [0121.225] lstrlenW (lpString=">") returned 1 [0121.225] lstrlenW (lpString=">") returned 4 [0121.225] lstrlenW (lpString="'") returned 1 [0121.225] lstrlenW (lpString="'") returned 6 [0121.225] lstrlenW (lpString="\"") returned 1 [0121.225] lstrlenW (lpString=""") returned 6 [0121.225] malloc (_Size=0x18) returned 0x43cfd0 [0121.226] free (_Block=0x43cf10) [0121.226] free (_Block=0x43cce0) [0121.226] malloc (_Size=0x18) returned 0x43cf10 [0121.226] memcpy_s (in: _Destination=0x16f270, _DestinationSize=0xe, _Source=0x241d38, _SourceSize=0xc | out: _Destination=0x16f270) returned 0x0 [0121.226] lstrlenW (lpString="&") returned 1 [0121.226] lstrlenW (lpString="&") returned 5 [0121.226] lstrlenW (lpString="<") returned 1 [0121.226] lstrlenW (lpString="<") returned 4 [0121.226] lstrlenW (lpString=">") returned 1 [0121.227] lstrlenW (lpString=">") returned 4 [0121.227] lstrlenW (lpString="'") returned 1 [0121.227] lstrlenW (lpString="'") returned 6 [0121.227] lstrlenW (lpString="\"") returned 1 [0121.227] lstrlenW (lpString=""") returned 6 [0121.227] malloc (_Size=0x18) returned 0x43cff0 [0121.227] free (_Block=0x43cf10) [0121.227] ?Format@CHString@@QEAAXPEBGZZ () returned 0x29dfdc [0121.244] malloc (_Size=0x18) returned 0x43cf10 [0121.244] ??1CHString@@QEAA@XZ () returned 0x6501 [0121.245] free (_Block=0x43cff0) [0121.245] free (_Block=0x43cfd0) [0121.245] free (_Block=0x43cfb0) [0121.245] free (_Block=0x43cef0) [0121.245] free (_Block=0x43cf90) [0121.245] free (_Block=0x43cf30) [0121.245] free (_Block=0x43cf50) [0121.246] free (_Block=0x43ca60) [0121.246] free (_Block=0x43cb20) [0121.246] free (_Block=0x43cf70) [0121.246] free (_Block=0x43cb00) [0121.246] free (_Block=0x43cae0) [0121.246] free (_Block=0x43caa0) [0121.247] free (_Block=0x43c8e0) [0121.247] malloc (_Size=0x18) returned 0x43c8e0 [0121.247] SysStringLen (param_1=" path win32_VideoController get nameQ9IATRKPRH") returned 0xa3 [0121.247] SysStringLen (param_1="root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x173 [0121.247] memcpy (in: _Dst=0x242c88, _Src=0x2435f8, _Size=0x148 | out: _Dst=0x242c88) returned 0x242c88 [0121.247] memcpy (in: _Dst=0x242dce, _Src=0x243d68, _Size=0x2e8 | out: _Dst=0x242dce) returned 0x242dce [0121.247] free (_Block=0x43c8c0) [0121.247] malloc (_Size=0x18) returned 0x43c8c0 [0121.248] malloc (_Size=0x18) returned 0x43caa0 [0121.248] SysStringLen (param_1=" path win32_VideoController get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x216 [0121.248] SysStringLen (param_1="") returned 0xa [0121.248] memcpy (in: _Dst=0x244bd8, _Src=0x242c88, _Size=0x42e | out: _Dst=0x244bd8) returned 0x244bd8 [0121.248] memcpy (in: _Dst=0x245004, _Src=0x241d38, _Size=0x16 | out: _Dst=0x245004) returned 0x245004 [0121.248] free (_Block=0x43c8e0) [0121.248] free (_Block=0x43c8c0) [0121.248] free (_Block=0x43ca80) [0121.249] free (_Block=0x43ca00) [0121.249] free (_Block=0x43cf10) [0121.249] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0121.249] malloc (_Size=0x18) returned 0x43ca00 [0121.249] SysStringLen (param_1="") returned 0x0 [0121.249] SysStringLen (param_1="") returned 0x60 [0121.249] memcpy (in: _Dst=0x2430d8, _Src=0x1c0a38, _Size=0x2 | out: _Dst=0x2430d8) returned 0x2430d8 [0121.249] memcpy (in: _Dst=0x2430d8, _Src=0x219988, _Size=0xc2 | out: _Dst=0x2430d8) returned 0x2430d8 [0121.250] free (_Block=0x43c880) [0121.250] malloc (_Size=0x18) returned 0x43c880 [0121.250] SysStringLen (param_1="") returned 0x60 [0121.250] SysStringLen (param_1=" path win32_VideoController get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x220 [0121.250] memcpy (in: _Dst=0x245038, _Src=0x2430d8, _Size=0xc2 | out: _Dst=0x245038) returned 0x245038 [0121.250] memcpy (in: _Dst=0x2450f8, _Src=0x244bd8, _Size=0x442 | out: _Dst=0x2450f8) returned 0x2450f8 [0121.250] free (_Block=0x43ca00) [0121.250] WbemLocator:IUnknown:Release (This=0x2265e0) returned 0x0 [0121.256] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0121.257] malloc (_Size=0x18) returned 0x43ca00 [0121.257] SysStringLen (param_1="") returned 0x0 [0121.257] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0xc0 [0121.257] memcpy (in: _Dst=0x243d68, _Src=0x20f668, _Size=0x2 | out: _Dst=0x243d68) returned 0x243d68 [0121.257] memcpy (in: _Dst=0x243d68, _Src=0x244538, _Size=0x182 | out: _Dst=0x243d68) returned 0x243d68 [0121.257] free (_Block=0x43c8a0) [0121.257] _kbhit () returned 0x0 [0121.262] malloc (_Size=0x18) returned 0x43c8a0 [0121.262] SysStringLen (param_1=" path win32_VideoController get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON") returned 0x280 [0121.262] SysStringLen (param_1="Radeon (TM) RX 470 Graphics") returned 0xc0 [0121.262] memcpy (in: _Dst=0x245558, _Src=0x245038, _Size=0x502 | out: _Dst=0x245558) returned 0x245558 [0121.262] memcpy (in: _Dst=0x245a58, _Src=0x243d68, _Size=0x182 | out: _Dst=0x245a58) returned 0x245a58 [0121.262] free (_Block=0x43c880) [0121.262] malloc (_Size=0x18) returned 0x43c880 [0121.263] malloc (_Size=0x18) returned 0x43ca80 [0121.263] SysStringLen (param_1=" path win32_VideoController get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AONRadeon (TM) RX 470 Graphics") returned 0x340 [0121.263] SysStringLen (param_1="") returned 0xa [0121.263] memcpy (in: _Dst=0x245bf8, _Src=0x245558, _Size=0x682 | out: _Dst=0x245bf8) returned 0x245bf8 [0121.263] memcpy (in: _Dst=0x246278, _Src=0x241d38, _Size=0x16 | out: _Dst=0x246278) returned 0x246278 [0121.263] free (_Block=0x43c8a0) [0121.263] free (_Block=0x43c880) [0121.263] GetCurrentThreadId () returned 0xe10 [0121.263] ??0CHString@@QEAA@PEBG@Z () returned 0x16f468 [0121.264] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x16f468 [0121.264] lstrlenW (lpString="LIST") returned 4 [0121.264] lstrlenW (lpString="get") returned 3 [0121.264] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1 [0121.264] lstrlenW (lpString="ASSOC") returned 5 [0121.264] lstrlenW (lpString="get") returned 3 [0121.264] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3 [0121.264] lstrlenW (lpString="GET") returned 3 [0121.264] lstrlenW (lpString="get") returned 3 [0121.264] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2 [0121.265] malloc (_Size=0x20a) returned 0x43d6c0 [0121.265] GetSystemDirectoryW (in: lpBuffer=0x43d6c0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0121.265] free (_Block=0x43d6c0) [0121.265] malloc (_Size=0x18) returned 0x43c880 [0121.265] malloc (_Size=0x18) returned 0x43c8a0 [0121.266] malloc (_Size=0x18) returned 0x43c8c0 [0121.266] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0121.266] SysStringLen (param_1="\\wbem\\") returned 0x6 [0121.266] memcpy (in: _Dst=0x216278, _Src=0x2161d8, _Size=0x28 | out: _Dst=0x216278) returned 0x216278 [0121.266] memcpy (in: _Dst=0x21629e, _Src=0x241d38, _Size=0xe | out: _Dst=0x21629e) returned 0x21629e [0121.266] free (_Block=0x43c880) [0121.266] free (_Block=0x43c8a0) [0121.266] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0121.266] free (_Block=0x43c8c0) [0121.267] malloc (_Size=0x18) returned 0x43c8c0 [0121.267] malloc (_Size=0x18) returned 0x43c8a0 [0121.267] malloc (_Size=0x18) returned 0x43c880 [0121.267] malloc (_Size=0x18) returned 0x43c8e0 [0121.267] malloc (_Size=0x18) returned 0x43cae0 [0121.267] malloc (_Size=0x18) returned 0x43cb00 [0121.267] lstrlenW (lpString="TABLE") returned 5 [0121.268] lstrlenW (lpString="CSV") returned 3 [0121.268] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="TABLE", cchCount2=5) returned 1 [0121.268] lstrlenW (lpString="TABLE") returned 5 [0121.268] lstrlenW (lpString="HFORM") returned 5 [0121.268] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="TABLE", cchCount2=5) returned 1 [0121.268] lstrlenW (lpString="TABLE") returned 5 [0121.268] lstrlenW (lpString="HTABLE") returned 6 [0121.268] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="TABLE", cchCount2=5) returned 1 [0121.268] lstrlenW (lpString="TABLE") returned 5 [0121.268] lstrlenW (lpString="LIST") returned 4 [0121.268] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="TABLE", cchCount2=5) returned 1 [0121.268] lstrlenW (lpString="TABLE") returned 5 [0121.268] lstrlenW (lpString="MOF") returned 3 [0121.269] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="TABLE", cchCount2=5) returned 1 [0121.269] lstrlenW (lpString="TABLE") returned 5 [0121.269] lstrlenW (lpString="RAWXML") returned 6 [0121.269] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="TABLE", cchCount2=5) returned 1 [0121.269] lstrlenW (lpString="TABLE") returned 5 [0121.269] lstrlenW (lpString="TABLE") returned 5 [0121.269] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="TABLE", cchCount2=5) returned 2 [0121.269] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.269] SysStringLen (param_1="hform.xsl") returned 0x9 [0121.269] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.269] SysStringLen (param_1="htable.xsl") returned 0xa [0121.269] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.270] SysStringLen (param_1="csv.xsl") returned 0x7 [0121.270] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.270] SysStringLen (param_1="mof.xsl") returned 0x7 [0121.270] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.270] SysStringLen (param_1="xml.xsl") returned 0x7 [0121.270] malloc (_Size=0x18) returned 0x43cb20 [0121.270] malloc (_Size=0x18) returned 0x43ca60 [0121.270] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0121.270] SysStringLen (param_1="\\") returned 0x1 [0121.270] memcpy (in: _Dst=0x216278, _Src=0x2161d8, _Size=0x34 | out: _Dst=0x216278) returned 0x216278 [0121.270] memcpy (in: _Dst=0x2162aa, _Src=0x241cd8, _Size=0x4 | out: _Dst=0x2162aa) returned 0x2162aa [0121.271] free (_Block=0x43cb20) [0121.271] malloc (_Size=0x18) returned 0x43cb20 [0121.271] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\\\") returned 0x1a [0121.271] SysStringLen (param_1="texttable.xsl") returned 0xd [0121.271] memcpy (in: _Dst=0x24d8a8, _Src=0x216278, _Size=0x36 | out: _Dst=0x24d8a8) returned 0x24d8a8 [0121.271] memcpy (in: _Dst=0x24d8dc, _Src=0x1a6708, _Size=0x1c | out: _Dst=0x24d8dc) returned 0x24d8dc [0121.271] free (_Block=0x43ca60) [0121.271] CreateFileW (lpFileName="C:\\Windows\\system32\\wbem\\\\texttable.xsl" (normalized: "c:\\windows\\system32\\wbem\\texttable.xsl"), dwDesiredAccess=0x0, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0121.272] CloseHandle (hObject=0x270) returned 1 [0121.272] malloc (_Size=0x30) returned 0x4386c0 [0121.272] malloc (_Size=0x30) returned 0x438700 [0121.272] ??0CHString@@QEAA@PEBG@Z () returned 0x16f1c8 [0121.272] ?Right@CHString@@QEBA?AV1@H@Z () returned 0x16f1c0 [0121.272] ??0CHString@@QEAA@PEBG@Z () returned 0x16f218 [0121.272] _wcsicmp (_String1=".xsl", _String2=".xsl") returned 0 [0121.272] ??1CHString@@QEAA@XZ () returned 0x1 [0121.272] ??1CHString@@QEAA@XZ () returned 0x1 [0121.272] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0121.273] malloc (_Size=0x30) returned 0x438740 [0121.273] malloc (_Size=0x20) returned 0x43cce0 [0121.273] malloc (_Size=0x30) returned 0x438780 [0121.273] free (_Block=0x438740) [0121.273] free (_Block=0x438700) [0121.274] free (_Block=0x4386c0) [0121.274] free (_Block=0x43cb00) [0121.274] free (_Block=0x43cae0) [0121.274] free (_Block=0x43c8e0) [0121.274] free (_Block=0x43c880) [0121.274] free (_Block=0x43c8a0) [0121.274] free (_Block=0x43c8c0) [0121.274] GetCurrentThreadId () returned 0xe10 [0121.275] ??0CHString@@QEAA@XZ () returned 0x16f270 [0121.275] CoCreateInstance (in: rclsid=0xffc37410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffc373f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xffca29e8 | out: ppv=0xffca29e8*=0x20471d0) returned 0x0 [0121.280] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x20471d0, bstrXML=" path win32_VideoController get nameQ9IATRKPRHroot\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AONRadeon (TM) RX 470 Graphics", isSuccessful=0x16f254 | out: isSuccessful=0x16f254*=0xffff) returned 0x0 [0121.283] ??0CHString@@QEAA@XZ () returned 0x16ef50 [0121.284] GetCurrentThreadId () returned 0xe10 [0121.284] malloc (_Size=0x20) returned 0x43cd80 [0121.284] malloc (_Size=0x30) returned 0x4386c0 [0121.284] CoCreateInstance (in: rclsid=0xffc37420*(Data1=0x2933bf94, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), pUnkOuter=0x0, dwClsContext=0x15, riid=0xffc37400*(Data1=0x2933bf93, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x16ef68 | out: ppv=0x16ef68*=0x2047620) returned 0x0 [0121.288] CoCreateInstance (in: rclsid=0xffc37410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x15, riid=0xffc373f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x16ef80 | out: ppv=0x16ef80*=0x204b330) returned 0x0 [0121.289] FreeThreadedDOMDocument:IXMLDOMDocument:put_async (This=0x204b330, async=0) returned 0x0 [0121.289] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\\\texttable.xsl") returned 0x4e [0121.289] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x204b330, xmlSource=0x16f120*(varType=0x8, wReserved1=0x204, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\\\texttable.xsl", varVal2=0x0), isSuccessful=0x16f218 | out: isSuccessful=0x16f218*=0xffff) returned 0x0 [0121.302] XSLTemplate:IXSLTemplate:putref_stylesheet (This=0x2047620, stylesheet=0x204b330) returned 0x0 [0121.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16cd60 | out: lpSystemTimeAsFileTime=0x16cd60*(dwLowDateTime=0x97573d70, dwHighDateTime=0x1da5d2f)) [0121.330] GetCurrentProcessId () returned 0xe0c [0121.330] GetCurrentThreadId () returned 0xe10 [0121.330] GetTickCount () returned 0x14dcfb3 [0121.330] QueryPerformanceCounter (in: lpPerformanceCount=0x16cd68 | out: lpPerformanceCount=0x16cd68*=2202212526574) returned 1 [0121.334] malloc (_Size=0x100) returned 0x439ff0 [0121.334] __dllonexit () returned 0x7fef48ebfc0 [0121.335] __dllonexit () returned 0x7fef48ebfa8 [0121.335] __dllonexit () returned 0x7fef48ebfd4 [0121.336] GetUserDefaultLCID () returned 0x409 [0121.337] GetVersion () returned 0x1db10106 [0121.338] ??2@YAPEAX_K@Z () returned 0x43d6c0 [0121.339] ??2@YAPEAX_K@Z () returned 0x43d720 [0121.339] GetUserDefaultLCID () returned 0x409 [0121.339] GetACP () returned 0x4e4 [0121.340] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.343] GetCurrentThreadId () returned 0xe10 [0121.343] ??2@YAPEAX_K@Z () returned 0x43dab0 [0121.343] GetCurrentThreadId () returned 0xe10 [0121.343] ??2@YAPEAX_K@Z () returned 0x43cdb0 [0121.343] ??2@YAPEAX_K@Z () returned 0x438700 [0121.343] ??2@YAPEAX_K@Z () returned 0x43db90 [0121.344] ??2@YAPEAX_K@Z () returned 0x438740 [0121.344] GetCurrentThreadId () returned 0xe10 [0121.344] ??2@YAPEAX_K@Z () returned 0x43dc60 [0121.344] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0121.345] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x16ea70, cchData=6 | out: lpLCData="1252") returned 5 [0121.345] IsValidCodePage (CodePage=0x4e4) returned 1 [0121.347] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdf10000 [0121.347] GetProcAddress (hModule=0x7fefdf10000, lpProcName="CoCreateInstance") returned 0x7fefdf37490 [0121.347] CoCreateInstance (in: rclsid=0x7fef493d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef493d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x43da68 | out: ppv=0x43da68*=0x229040) returned 0x0 [0121.348] IUnknown:AddRef (This=0x229040) returned 0x2 [0121.348] GetCurrentProcessId () returned 0xe0c [0121.348] GetCurrentThreadId () returned 0xe10 [0121.348] GetTickCount () returned 0x14dcfc3 [0121.348] ISystemDebugEventFire:BeginSession (This=0x229040, guidSourceID=0x7fef493d5d8, strSessionName="VBScript:00003596:00003600:21876675") returned 0x0 [0121.348] DllRegisterServer () returned 0x0 [0121.349] GetCurrentThreadId () returned 0xe10 [0121.349] realloc (_Block=0x0, _Size=0xc8) returned 0x43dcf0 [0121.350] memcpy (in: _Dst=0x43dcf0, _Src=0x7fef4950800, _Size=0x10 | out: _Dst=0x43dcf0) returned 0x43dcf0 [0121.350] memcpy (in: _Dst=0x43dd00, _Src=0x7fef493f2c8, _Size=0x6 | out: _Dst=0x43dd00) returned 0x43dd00 [0121.350] memcpy (in: _Dst=0x43dd06, _Src=0x7fef493f2d0, _Size=0x18 | out: _Dst=0x43dd06) returned 0x43dd06 [0121.350] ??2@YAPEAX_K@Z () returned 0x4387c0 [0121.350] malloc (_Size=0x1008) returned 0x43ddc0 [0121.351] ??2@YAPEAX_K@Z () returned 0x43edd0 [0121.351] malloc (_Size=0x400) returned 0x43ef60 [0121.351] malloc (_Size=0x108) returned 0x43a100 [0121.351] malloc (_Size=0x2008) returned 0x29dfd0 [0121.352] memcpy (in: _Dst=0x29e004, _Src=0x2056cd2, _Size=0xc | out: _Dst=0x29e004) returned 0x29e004 [0121.352] memcpy (in: _Dst=0x29e044, _Src=0x2056ce0, _Size=0x10 | out: _Dst=0x29e044) returned 0x29e044 [0121.352] memcpy (in: _Dst=0x29e08c, _Src=0x2056df0, _Size=0x6 | out: _Dst=0x29e08c) returned 0x29e08c [0121.352] memcpy (in: _Dst=0x29e0c4, _Src=0x2056df8, _Size=0xa | out: _Dst=0x29e0c4) returned 0x29e0c4 [0121.353] memcpy (in: _Dst=0x29e104, _Src=0x2056e0c, _Size=0x10 | out: _Dst=0x29e104) returned 0x29e104 [0121.353] memcpy (in: _Dst=0x29e14c, _Src=0x2056e30, _Size=0xc | out: _Dst=0x29e14c) returned 0x29e14c [0121.353] malloc (_Size=0x208) returned 0x43f370 [0121.353] memcpy (in: _Dst=0x29e18c, _Src=0x2056e50, _Size=0x4 | out: _Dst=0x29e18c) returned 0x29e18c [0121.354] memcpy (in: _Dst=0x29e1c4, _Src=0x2056e68, _Size=0xa | out: _Dst=0x29e1c4) returned 0x29e1c4 [0121.354] memcpy (in: _Dst=0x29e204, _Src=0x2056e7c, _Size=0x10 | out: _Dst=0x29e204) returned 0x29e204 [0121.354] memcpy (in: _Dst=0x29e24c, _Src=0x2056e96, _Size=0x12 | out: _Dst=0x29e24c) returned 0x29e24c [0121.354] malloc (_Size=0x408) returned 0x43f580 [0121.354] memcpy (in: _Dst=0x29e294, _Src=0x2056ec8, _Size=0x8 | out: _Dst=0x29e294) returned 0x29e294 [0121.355] memcpy (in: _Dst=0x29e2d4, _Src=0x2056ef0, _Size=0x18 | out: _Dst=0x29e2d4) returned 0x29e2d4 [0121.355] memcpy (in: _Dst=0x29e324, _Src=0x2056f0a, _Size=0x10 | out: _Dst=0x29e324) returned 0x29e324 [0121.355] memcpy (in: _Dst=0x29e36c, _Src=0x2056f1c, _Size=0x18 | out: _Dst=0x29e36c) returned 0x29e36c [0121.355] memcpy (in: _Dst=0x29e3bc, _Src=0x2056f36, _Size=0x2 | out: _Dst=0x29e3bc) returned 0x29e3bc [0121.356] memcpy (in: _Dst=0x29e3f4, _Src=0x2056f84, _Size=0x6 | out: _Dst=0x29e3f4) returned 0x29e3f4 [0121.356] malloc (_Size=0x808) returned 0x29ffe0 [0121.356] memcpy (in: _Dst=0x29e42c, _Src=0x2056fb0, _Size=0xa | out: _Dst=0x29e42c) returned 0x29e42c [0121.356] memcpy (in: _Dst=0x29e46c, _Src=0x2056fbc, _Size=0x8 | out: _Dst=0x29e46c) returned 0x29e46c [0121.356] memcpy (in: _Dst=0x29e4ac, _Src=0x2056fd8, _Size=0x2 | out: _Dst=0x29e4ac) returned 0x29e4ac [0121.356] memcpy (in: _Dst=0x29e4e4, _Src=0x2056fec, _Size=0x8 | out: _Dst=0x29e4e4) returned 0x29e4e4 [0121.357] memcpy (in: _Dst=0x29e524, _Src=0x43ee3c, _Size=0x20 | out: _Dst=0x29e524) returned 0x29e524 [0121.357] memcpy (in: _Dst=0x29e57c, _Src=0x205705c, _Size=0xa | out: _Dst=0x29e57c) returned 0x29e57c [0121.357] memcpy (in: _Dst=0x29e5bc, _Src=0x2057072, _Size=0x6 | out: _Dst=0x29e5bc) returned 0x29e5bc [0121.358] memcpy (in: _Dst=0x29e5f4, _Src=0x20570b8, _Size=0x8 | out: _Dst=0x29e5f4) returned 0x29e5f4 [0121.358] memcpy (in: _Dst=0x29e634, _Src=0x20570da, _Size=0x8 | out: _Dst=0x29e634) returned 0x29e634 [0121.358] memcpy (in: _Dst=0x29e674, _Src=0x2057122, _Size=0x16 | out: _Dst=0x29e674) returned 0x29e674 [0121.359] malloc (_Size=0x1008) returned 0x2a07f0 [0121.359] memcpy (in: _Dst=0x29e6bc, _Src=0x20571d8, _Size=0x12 | out: _Dst=0x29e6bc) returned 0x29e6bc [0121.359] memcpy (in: _Dst=0x29e704, _Src=0x2057202, _Size=0xa | out: _Dst=0x29e704) returned 0x29e704 [0121.360] memcpy (in: _Dst=0x29e744, _Src=0x2057210, _Size=0x8 | out: _Dst=0x29e744) returned 0x29e744 [0121.360] memcpy (in: _Dst=0x29e784, _Src=0x2057222, _Size=0xe | out: _Dst=0x29e784) returned 0x29e784 [0121.360] memcpy (in: _Dst=0x29e7c4, _Src=0x205723a, _Size=0x4 | out: _Dst=0x29e7c4) returned 0x29e7c4 [0121.360] memcpy (in: _Dst=0x29e7fc, _Src=0x2057252, _Size=0x8 | out: _Dst=0x29e7fc) returned 0x29e7fc [0121.361] memcpy (in: _Dst=0x29e83c, _Src=0x20572f8, _Size=0x4 | out: _Dst=0x29e83c) returned 0x29e83c [0121.361] memcpy (in: _Dst=0x29e874, _Src=0x20572fe, _Size=0x14 | out: _Dst=0x29e874) returned 0x29e874 [0121.361] memcpy (in: _Dst=0x29e8bc, _Src=0x2057314, _Size=0x18 | out: _Dst=0x29e8bc) returned 0x29e8bc [0121.361] memcpy (in: _Dst=0x29e90c, _Src=0x43ee3c, _Size=0x8 | out: _Dst=0x29e90c) returned 0x29e90c [0121.361] memcpy (in: _Dst=0x29e94c, _Src=0x205733e, _Size=0xa | out: _Dst=0x29e94c) returned 0x29e94c [0121.361] memcpy (in: _Dst=0x29e98c, _Src=0x2057352, _Size=0x8 | out: _Dst=0x29e98c) returned 0x29e98c [0121.362] memcpy (in: _Dst=0x29e9cc, _Src=0x20574c2, _Size=0xe | out: _Dst=0x29e9cc) returned 0x29e9cc [0121.362] memcpy (in: _Dst=0x29ea0c, _Src=0x20574d8, _Size=0x10 | out: _Dst=0x29ea0c) returned 0x29ea0c [0121.363] memcpy (in: _Dst=0x29ea54, _Src=0x43ee3c, _Size=0x1c | out: _Dst=0x29ea54) returned 0x29ea54 [0121.363] memcpy (in: _Dst=0x29eaa4, _Src=0x2057534, _Size=0x1a | out: _Dst=0x29eaa4) returned 0x29eaa4 [0121.364] memcpy (in: _Dst=0x29eaf4, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29eaf4) returned 0x29eaf4 [0121.364] memcpy (in: _Dst=0x29eb2c, _Src=0x20575b2, _Size=0x14 | out: _Dst=0x29eb2c) returned 0x29eb2c [0121.364] memcpy (in: _Dst=0x29eb74, _Src=0x20575c8, _Size=0x14 | out: _Dst=0x29eb74) returned 0x29eb74 [0121.364] memcpy (in: _Dst=0x29ebbc, _Src=0x20575de, _Size=0xc | out: _Dst=0x29ebbc) returned 0x29ebbc [0121.364] memcpy (in: _Dst=0x29ebfc, _Src=0x43ee3c, _Size=0x8 | out: _Dst=0x29ebfc) returned 0x29ebfc [0121.365] memcpy (in: _Dst=0x29ec3c, _Src=0x205765a, _Size=0x12 | out: _Dst=0x29ec3c) returned 0x29ec3c [0121.365] memcpy (in: _Dst=0x29ec84, _Src=0x2057672, _Size=0x6 | out: _Dst=0x29ec84) returned 0x29ec84 [0121.365] memcpy (in: _Dst=0x29ecbc, _Src=0x205767a, _Size=0x8 | out: _Dst=0x29ecbc) returned 0x29ecbc [0121.365] memcpy (in: _Dst=0x29ecfc, _Src=0x2057690, _Size=0x4 | out: _Dst=0x29ecfc) returned 0x29ecfc [0121.365] memcpy (in: _Dst=0x29ed34, _Src=0x43ee3c, _Size=0xc | out: _Dst=0x29ed34) returned 0x29ed34 [0121.366] memcpy (in: _Dst=0x29ed74, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29ed74) returned 0x29ed74 [0121.366] malloc (_Size=0x2008) returned 0x2a1800 [0121.367] memcpy (in: _Dst=0x29edac, _Src=0x20577a0, _Size=0x1c | out: _Dst=0x29edac) returned 0x29edac [0121.367] memcpy (in: _Dst=0x29edfc, _Src=0x20577d8, _Size=0xc | out: _Dst=0x29edfc) returned 0x29edfc [0121.367] memcpy (in: _Dst=0x29ee3c, _Src=0x43ee3c, _Size=0xc | out: _Dst=0x29ee3c) returned 0x29ee3c [0121.368] memcpy (in: _Dst=0x29ee7c, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29ee7c) returned 0x29ee7c [0121.373] memcpy (in: _Dst=0x29eeb4, _Src=0x43ee3c, _Size=0x4 | out: _Dst=0x29eeb4) returned 0x29eeb4 [0121.375] memcpy (in: _Dst=0x29eeec, _Src=0x2057aa0, _Size=0x8 | out: _Dst=0x29eeec) returned 0x29eeec [0121.375] memcpy (in: _Dst=0x29ef2c, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29ef2c) returned 0x29ef2c [0121.375] memcpy (in: _Dst=0x29ef64, _Src=0x43ee3c, _Size=0x24 | out: _Dst=0x29ef64) returned 0x29ef64 [0121.376] memcpy (in: _Dst=0x29efbc, _Src=0x2057bb4, _Size=0xc | out: _Dst=0x29efbc) returned 0x29efbc [0121.376] memcpy (in: _Dst=0x29effc, _Src=0x2057bc4, _Size=0x8 | out: _Dst=0x29effc) returned 0x29effc [0121.376] memcpy (in: _Dst=0x29f03c, _Src=0x2057bd0, _Size=0x10 | out: _Dst=0x29f03c) returned 0x29f03c [0121.376] memcpy (in: _Dst=0x29f084, _Src=0x2057be4, _Size=0x1c | out: _Dst=0x29f084) returned 0x29f084 [0121.376] memcpy (in: _Dst=0x29f0d4, _Src=0x2057c04, _Size=0x1a | out: _Dst=0x29f0d4) returned 0x29f0d4 [0121.376] memcpy (in: _Dst=0x29f124, _Src=0x2057c22, _Size=0x16 | out: _Dst=0x29f124) returned 0x29f124 [0121.376] memcpy (in: _Dst=0x29f16c, _Src=0x2057c3c, _Size=0x14 | out: _Dst=0x29f16c) returned 0x29f16c [0121.377] memcpy (in: _Dst=0x29f1b4, _Src=0x2057c80, _Size=0x16 | out: _Dst=0x29f1b4) returned 0x29f1b4 [0121.377] memcpy (in: _Dst=0x29f1fc, _Src=0x43ee3c, _Size=0x1e | out: _Dst=0x29f1fc) returned 0x29f1fc [0121.377] memcpy (in: _Dst=0x29f24c, _Src=0x43ee3c, _Size=0x20 | out: _Dst=0x29f24c) returned 0x29f24c [0121.377] memcpy (in: _Dst=0x29f2a4, _Src=0x2057d38, _Size=0x6 | out: _Dst=0x29f2a4) returned 0x29f2a4 [0121.377] memcpy (in: _Dst=0x29f2dc, _Src=0x2057d60, _Size=0x20 | out: _Dst=0x29f2dc) returned 0x29f2dc [0121.377] memcpy (in: _Dst=0x29f334, _Src=0x43ee3c, _Size=0x8 | out: _Dst=0x29f334) returned 0x29f334 [0121.378] memcpy (in: _Dst=0x29f374, _Src=0x2057d9e, _Size=0x6 | out: _Dst=0x29f374) returned 0x29f374 [0121.378] memcpy (in: _Dst=0x29f3ac, _Src=0x2057db8, _Size=0x4 | out: _Dst=0x29f3ac) returned 0x29f3ac [0121.378] memcpy (in: _Dst=0x29f3e4, _Src=0x2057dbe, _Size=0xe | out: _Dst=0x29f3e4) returned 0x29f3e4 [0121.379] memcpy (in: _Dst=0x29f424, _Src=0x43ee3c, _Size=0x4 | out: _Dst=0x29f424) returned 0x29f424 [0121.379] memcpy (in: _Dst=0x29f45c, _Src=0x2057e32, _Size=0x8 | out: _Dst=0x29f45c) returned 0x29f45c [0121.379] memcpy (in: _Dst=0x29f49c, _Src=0x43ee3c, _Size=0x24 | out: _Dst=0x29f49c) returned 0x29f49c [0121.380] memcpy (in: _Dst=0x29f4f4, _Src=0x43ee3c, _Size=0x12 | out: _Dst=0x29f4f4) returned 0x29f4f4 [0121.380] memcpy (in: _Dst=0x29f53c, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29f53c) returned 0x29f53c [0121.381] memcpy (in: _Dst=0x29f574, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29f574) returned 0x29f574 [0121.381] memcpy (in: _Dst=0x29f5ac, _Src=0x43ee3c, _Size=0x1e | out: _Dst=0x29f5ac) returned 0x29f5ac [0121.382] memcpy (in: _Dst=0x29f5fc, _Src=0x43ee3c, _Size=0x12 | out: _Dst=0x29f5fc) returned 0x29f5fc [0121.382] malloc (_Size=0x4008) returned 0x2a3810 [0121.383] memcpy (in: _Dst=0x29f644, _Src=0x43ee3c, _Size=0x14 | out: _Dst=0x29f644) returned 0x29f644 [0121.386] memcpy (in: _Dst=0x29f68c, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29f68c) returned 0x29f68c [0121.386] memcpy (in: _Dst=0x29f6c4, _Src=0x43ee3c, _Size=0x4 | out: _Dst=0x29f6c4) returned 0x29f6c4 [0121.386] memcpy (in: _Dst=0x29f6fc, _Src=0x43ee3c, _Size=0x10 | out: _Dst=0x29f6fc) returned 0x29f6fc [0121.386] memcpy (in: _Dst=0x29f744, _Src=0x43ee3c, _Size=0x2 | out: _Dst=0x29f744) returned 0x29f744 [0121.387] memcpy (in: _Dst=0x29f77c, _Src=0x20586b6, _Size=0xe | out: _Dst=0x29f77c) returned 0x29f77c [0121.387] memcpy (in: _Dst=0x29f7bc, _Src=0x20586fc, _Size=0x8 | out: _Dst=0x29f7bc) returned 0x29f7bc [0121.387] memcpy (in: _Dst=0x29f7fc, _Src=0x43ee3c, _Size=0x0 | out: _Dst=0x29f7fc) returned 0x29f7fc [0121.387] memcpy (in: _Dst=0x29f834, _Src=0x2058712, _Size=0x8 | out: _Dst=0x29f834) returned 0x29f834 [0121.387] memcpy (in: _Dst=0x29f874, _Src=0x2058794, _Size=0x1a | out: _Dst=0x29f874) returned 0x29f874 [0121.387] memcpy (in: _Dst=0x29f8c4, _Src=0x20587c6, _Size=0x4 | out: _Dst=0x29f8c4) returned 0x29f8c4 [0121.387] memcpy (in: _Dst=0x29f8fc, _Src=0x20587dc, _Size=0x4 | out: _Dst=0x29f8fc) returned 0x29f8fc [0121.388] memcpy (in: _Dst=0x29f934, _Src=0x2058806, _Size=0x2 | out: _Dst=0x29f934) returned 0x29f934 [0121.388] memcpy (in: _Dst=0x29f96c, _Src=0x205881a, _Size=0x2 | out: _Dst=0x29f96c) returned 0x29f96c [0121.388] memcpy (in: _Dst=0x29f9a4, _Src=0x2058974, _Size=0x12 | out: _Dst=0x29f9a4) returned 0x29f9a4 [0121.389] memcpy (in: _Dst=0x29f9ec, _Src=0x43ee3c, _Size=0x4 | out: _Dst=0x29f9ec) returned 0x29f9ec [0121.389] memcpy (in: _Dst=0x29fa24, _Src=0x20590a2, _Size=0xc | out: _Dst=0x29fa24) returned 0x29fa24 [0121.389] memcpy (in: _Dst=0x29fa64, _Src=0x2059170, _Size=0x6 | out: _Dst=0x29fa64) returned 0x29fa64 [0121.389] memcpy (in: _Dst=0x29fa9c, _Src=0x205918a, _Size=0x4 | out: _Dst=0x29fa9c) returned 0x29fa9c [0121.389] memcpy (in: _Dst=0x29fad4, _Src=0x205920e, _Size=0x4 | out: _Dst=0x29fad4) returned 0x29fad4 [0121.389] memcpy (in: _Dst=0x29fb0c, _Src=0x2059234, _Size=0x8 | out: _Dst=0x29fb0c) returned 0x29fb0c [0121.390] memcpy (in: _Dst=0x29fb4c, _Src=0x205923e, _Size=0x6 | out: _Dst=0x29fb4c) returned 0x29fb4c [0121.390] memcpy (in: _Dst=0x29fb84, _Src=0x205927a, _Size=0x4 | out: _Dst=0x29fb84) returned 0x29fb84 [0121.390] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.390] malloc (_Size=0x320) returned 0x43f990 [0121.391] malloc (_Size=0x4008) returned 0x2a7820 [0121.402] realloc (_Block=0x43f990, _Size=0x4b0) returned 0x43f990 [0121.406] malloc (_Size=0x4008) returned 0x2ab830 [0121.407] memcpy (in: _Dst=0x2ab830, _Src=0x16e500, _Size=0x30 | out: _Dst=0x2ab830) returned 0x2ab830 [0121.407] memcpy (in: _Dst=0x2ab868, _Src=0x29e36c, _Size=0x1a | out: _Dst=0x2ab868) returned 0x2ab868 [0121.407] memcpy (in: _Dst=0x2ab88c, _Src=0x29e42c, _Size=0xc | out: _Dst=0x2ab88c) returned 0x2ab88c [0121.407] memcpy (in: _Dst=0x2ab8a0, _Src=0x29e674, _Size=0x18 | out: _Dst=0x2ab8a0) returned 0x2ab8a0 [0121.407] memcpy (in: _Dst=0x2ab8c0, _Src=0x29e6bc, _Size=0x14 | out: _Dst=0x2ab8c0) returned 0x2ab8c0 [0121.407] memcpy (in: _Dst=0x2ab8dc, _Src=0x29f874, _Size=0x1c | out: _Dst=0x2ab8dc) returned 0x2ab8dc [0121.407] memcpy (in: _Dst=0x2ab900, _Src=0x29f9a4, _Size=0x14 | out: _Dst=0x2ab900) returned 0x2ab900 [0121.407] memcpy (in: _Dst=0x2ab91c, _Src=0x29e0c4, _Size=0xc | out: _Dst=0x2ab91c) returned 0x2ab91c [0121.407] memcpy (in: _Dst=0x2ab930, _Src=0x29e104, _Size=0x12 | out: _Dst=0x2ab930) returned 0x2ab930 [0121.407] memcpy (in: _Dst=0x2ab94c, _Src=0x29e14c, _Size=0xe | out: _Dst=0x2ab94c) returned 0x2ab94c [0121.407] memcpy (in: _Dst=0x2ab964, _Src=0x29e18c, _Size=0x6 | out: _Dst=0x2ab964) returned 0x2ab964 [0121.407] memcpy (in: _Dst=0x2ab974, _Src=0x29e1c4, _Size=0xc | out: _Dst=0x2ab974) returned 0x2ab974 [0121.407] memcpy (in: _Dst=0x2ab988, _Src=0x29e204, _Size=0x12 | out: _Dst=0x2ab988) returned 0x2ab988 [0121.407] memcpy (in: _Dst=0x2ab9a4, _Src=0x29e24c, _Size=0x14 | out: _Dst=0x2ab9a4) returned 0x2ab9a4 [0121.408] memcpy (in: _Dst=0x2ab9c0, _Src=0x29e294, _Size=0xa | out: _Dst=0x2ab9c0) returned 0x2ab9c0 [0121.408] memcpy (in: _Dst=0x2ab9d4, _Src=0x29e2d4, _Size=0x1a | out: _Dst=0x2ab9d4) returned 0x2ab9d4 [0121.408] memcpy (in: _Dst=0x2ab9f8, _Src=0x29e3bc, _Size=0x4 | out: _Dst=0x2ab9f8) returned 0x2ab9f8 [0121.408] memcpy (in: _Dst=0x2aba04, _Src=0x29e46c, _Size=0xa | out: _Dst=0x2aba04) returned 0x2aba04 [0121.408] memcpy (in: _Dst=0x2aba18, _Src=0x29e4ac, _Size=0x4 | out: _Dst=0x2aba18) returned 0x2aba18 [0121.408] memcpy (in: _Dst=0x2aba24, _Src=0x29e4e4, _Size=0xa | out: _Dst=0x2aba24) returned 0x2aba24 [0121.408] memcpy (in: _Dst=0x2aba38, _Src=0x29e524, _Size=0x22 | out: _Dst=0x2aba38) returned 0x2aba38 [0121.408] memcpy (in: _Dst=0x2aba64, _Src=0x29e5bc, _Size=0x8 | out: _Dst=0x2aba64) returned 0x2aba64 [0121.408] memcpy (in: _Dst=0x2aba74, _Src=0x29e634, _Size=0xa | out: _Dst=0x2aba74) returned 0x2aba74 [0121.408] memcpy (in: _Dst=0x2aba88, _Src=0x29e704, _Size=0xc | out: _Dst=0x2aba88) returned 0x2aba88 [0121.408] memcpy (in: _Dst=0x2aba9c, _Src=0x29e744, _Size=0xa | out: _Dst=0x2aba9c) returned 0x2aba9c [0121.408] memcpy (in: _Dst=0x2abab0, _Src=0x29e784, _Size=0x10 | out: _Dst=0x2abab0) returned 0x2abab0 [0121.408] memcpy (in: _Dst=0x2abac8, _Src=0x29efbc, _Size=0xe | out: _Dst=0x2abac8) returned 0x2abac8 [0121.409] memcpy (in: _Dst=0x2abae0, _Src=0x29effc, _Size=0xa | out: _Dst=0x2abae0) returned 0x2abae0 [0121.409] memcpy (in: _Dst=0x2abaf4, _Src=0x29f03c, _Size=0x12 | out: _Dst=0x2abaf4) returned 0x2abaf4 [0121.409] memcpy (in: _Dst=0x2abb10, _Src=0x29f084, _Size=0x1e | out: _Dst=0x2abb10) returned 0x2abb10 [0121.409] memcpy (in: _Dst=0x2abb38, _Src=0x29f0d4, _Size=0x1c | out: _Dst=0x2abb38) returned 0x2abb38 [0121.409] memcpy (in: _Dst=0x2abb5c, _Src=0x29f124, _Size=0x18 | out: _Dst=0x2abb5c) returned 0x2abb5c [0121.409] memcpy (in: _Dst=0x2abb7c, _Src=0x29f16c, _Size=0x16 | out: _Dst=0x2abb7c) returned 0x2abb7c [0121.409] memcpy (in: _Dst=0x2abb9c, _Src=0x29e874, _Size=0x16 | out: _Dst=0x2abb9c) returned 0x2abb9c [0121.409] memcpy (in: _Dst=0x2abbbc, _Src=0x29e90c, _Size=0xa | out: _Dst=0x2abbbc) returned 0x2abbbc [0121.409] memcpy (in: _Dst=0x2abbd0, _Src=0x29e8bc, _Size=0x1a | out: _Dst=0x2abbd0) returned 0x2abbd0 [0121.409] memcpy (in: _Dst=0x2abbf4, _Src=0x29e94c, _Size=0xc | out: _Dst=0x2abbf4) returned 0x2abbf4 [0121.409] memcpy (in: _Dst=0x2abc08, _Src=0x29ea0c, _Size=0x12 | out: _Dst=0x2abc08) returned 0x2abc08 [0121.409] memcpy (in: _Dst=0x2abc24, _Src=0x29ea54, _Size=0x1e | out: _Dst=0x2abc24) returned 0x2abc24 [0121.409] memcpy (in: _Dst=0x2abc4c, _Src=0x29e9cc, _Size=0x10 | out: _Dst=0x2abc4c) returned 0x2abc4c [0121.409] memcpy (in: _Dst=0x2abc64, _Src=0x29eaa4, _Size=0x1c | out: _Dst=0x2abc64) returned 0x2abc64 [0121.410] memcpy (in: _Dst=0x2abc88, _Src=0x29eaf4, _Size=0x4 | out: _Dst=0x2abc88) returned 0x2abc88 [0121.410] memcpy (in: _Dst=0x2abc94, _Src=0x29eb2c, _Size=0x16 | out: _Dst=0x2abc94) returned 0x2abc94 [0121.410] memcpy (in: _Dst=0x2abcb4, _Src=0x29eb74, _Size=0x16 | out: _Dst=0x2abcb4) returned 0x2abcb4 [0121.410] memcpy (in: _Dst=0x2abcd4, _Src=0x29ebbc, _Size=0xe | out: _Dst=0x2abcd4) returned 0x2abcd4 [0121.410] memcpy (in: _Dst=0x2abcec, _Src=0x29ebfc, _Size=0xa | out: _Dst=0x2abcec) returned 0x2abcec [0121.410] memcpy (in: _Dst=0x2abd00, _Src=0x29ec3c, _Size=0x14 | out: _Dst=0x2abd00) returned 0x2abd00 [0121.410] memcpy (in: _Dst=0x2abd1c, _Src=0x29ed34, _Size=0xe | out: _Dst=0x2abd1c) returned 0x2abd1c [0121.410] memcpy (in: _Dst=0x2abd34, _Src=0x29ed74, _Size=0x4 | out: _Dst=0x2abd34) returned 0x2abd34 [0121.410] memcpy (in: _Dst=0x2abd40, _Src=0x29edac, _Size=0x1e | out: _Dst=0x2abd40) returned 0x2abd40 [0121.410] memcpy (in: _Dst=0x2abd68, _Src=0x29ee3c, _Size=0xe | out: _Dst=0x2abd68) returned 0x2abd68 [0121.410] memcpy (in: _Dst=0x2abd80, _Src=0x29ee7c, _Size=0x4 | out: _Dst=0x2abd80) returned 0x2abd80 [0121.410] memcpy (in: _Dst=0x2abd8c, _Src=0x29eeb4, _Size=0x6 | out: _Dst=0x2abd8c) returned 0x2abd8c [0121.411] memcpy (in: _Dst=0x2abd9c, _Src=0x29ef2c, _Size=0x4 | out: _Dst=0x2abd9c) returned 0x2abd9c [0121.411] memcpy (in: _Dst=0x2abda8, _Src=0x29ef64, _Size=0x26 | out: _Dst=0x2abda8) returned 0x2abda8 [0121.411] memcpy (in: _Dst=0x2abdd8, _Src=0x29f1fc, _Size=0x20 | out: _Dst=0x2abdd8) returned 0x2abdd8 [0121.411] memcpy (in: _Dst=0x2abe00, _Src=0x29f1b4, _Size=0x18 | out: _Dst=0x2abe00) returned 0x2abe00 [0121.411] memcpy (in: _Dst=0x2abe20, _Src=0x29f24c, _Size=0x22 | out: _Dst=0x2abe20) returned 0x2abe20 [0121.411] memcpy (in: _Dst=0x2abe4c, _Src=0x29f334, _Size=0xa | out: _Dst=0x2abe4c) returned 0x2abe4c [0121.411] memcpy (in: _Dst=0x2abe60, _Src=0x29f2dc, _Size=0x22 | out: _Dst=0x2abe60) returned 0x2abe60 [0121.411] memcpy (in: _Dst=0x2abe8c, _Src=0x29f424, _Size=0x6 | out: _Dst=0x2abe8c) returned 0x2abe8c [0121.411] memcpy (in: _Dst=0x2abe9c, _Src=0x29f45c, _Size=0xa | out: _Dst=0x2abe9c) returned 0x2abe9c [0121.411] memcpy (in: _Dst=0x2abeb0, _Src=0x29f49c, _Size=0x26 | out: _Dst=0x2abeb0) returned 0x2abeb0 [0121.411] memcpy (in: _Dst=0x2abee0, _Src=0x29f4f4, _Size=0x14 | out: _Dst=0x2abee0) returned 0x2abee0 [0121.411] memcpy (in: _Dst=0x2abefc, _Src=0x29f53c, _Size=0x4 | out: _Dst=0x2abefc) returned 0x2abefc [0121.411] memcpy (in: _Dst=0x2abf08, _Src=0x29f574, _Size=0x4 | out: _Dst=0x2abf08) returned 0x2abf08 [0121.412] memcpy (in: _Dst=0x2abf14, _Src=0x29f5ac, _Size=0x20 | out: _Dst=0x2abf14) returned 0x2abf14 [0121.412] memcpy (in: _Dst=0x2abf3c, _Src=0x29f5fc, _Size=0x14 | out: _Dst=0x2abf3c) returned 0x2abf3c [0121.412] memcpy (in: _Dst=0x2abf58, _Src=0x29f644, _Size=0x16 | out: _Dst=0x2abf58) returned 0x2abf58 [0121.412] memcpy (in: _Dst=0x2abf78, _Src=0x29f68c, _Size=0x4 | out: _Dst=0x2abf78) returned 0x2abf78 [0121.412] memcpy (in: _Dst=0x2abf84, _Src=0x29f6c4, _Size=0x6 | out: _Dst=0x2abf84) returned 0x2abf84 [0121.412] memcpy (in: _Dst=0x2abf94, _Src=0x29f6fc, _Size=0x12 | out: _Dst=0x2abf94) returned 0x2abf94 [0121.412] memcpy (in: _Dst=0x2abfb0, _Src=0x29f744, _Size=0x4 | out: _Dst=0x2abfb0) returned 0x2abfb0 [0121.412] memcpy (in: _Dst=0x2abfbc, _Src=0x29f7bc, _Size=0xa | out: _Dst=0x2abfbc) returned 0x2abfbc [0121.412] memcpy (in: _Dst=0x2abfd0, _Src=0x29f7fc, _Size=0x2 | out: _Dst=0x2abfd0) returned 0x2abfd0 [0121.412] memcpy (in: _Dst=0x2abfdc, _Src=0x29f77c, _Size=0x10 | out: _Dst=0x2abfdc) returned 0x2abfdc [0121.412] memcpy (in: _Dst=0x2abff4, _Src=0x29f834, _Size=0xa | out: _Dst=0x2abff4) returned 0x2abff4 [0121.413] memcpy (in: _Dst=0x2ac008, _Src=0x29f8c4, _Size=0x6 | out: _Dst=0x2ac008) returned 0x2ac008 [0121.413] memcpy (in: _Dst=0x2ac018, _Src=0x29f8fc, _Size=0x6 | out: _Dst=0x2ac018) returned 0x2ac018 [0121.413] memcpy (in: _Dst=0x2ac028, _Src=0x29f934, _Size=0x4 | out: _Dst=0x2ac028) returned 0x2ac028 [0121.413] memcpy (in: _Dst=0x2ac034, _Src=0x29f96c, _Size=0x4 | out: _Dst=0x2ac034) returned 0x2ac034 [0121.413] memcpy (in: _Dst=0x2ac040, _Src=0x29f9ec, _Size=0x6 | out: _Dst=0x2ac040) returned 0x2ac040 [0121.413] memcpy (in: _Dst=0x2ac050, _Src=0x29fa24, _Size=0xe | out: _Dst=0x2ac050) returned 0x2ac050 [0121.413] memcpy (in: _Dst=0x2ac068, _Src=0x29fa64, _Size=0x8 | out: _Dst=0x2ac068) returned 0x2ac068 [0121.413] memcpy (in: _Dst=0x2ac078, _Src=0x29fa9c, _Size=0x6 | out: _Dst=0x2ac078) returned 0x2ac078 [0121.413] memcpy (in: _Dst=0x2ac088, _Src=0x29fb4c, _Size=0x8 | out: _Dst=0x2ac088) returned 0x2ac088 [0121.413] memcpy (in: _Dst=0x2ac098, _Src=0x29fb0c, _Size=0xa | out: _Dst=0x2ac098) returned 0x2ac098 [0121.413] memcpy (in: _Dst=0x2ac0a4, _Src=0x43ef60, _Size=0xab | out: _Dst=0x2ac0a4) returned 0x2ac0a4 [0121.413] memcpy (in: _Dst=0x2ac150, _Src=0x43f990, _Size=0x378 | out: _Dst=0x2ac150) returned 0x2ac150 [0121.413] memcpy (in: _Dst=0x2ac4e8, _Src=0x16eac0, _Size=0x20 | out: _Dst=0x2ac4e8) returned 0x2ac4e8 [0121.414] memcpy (in: _Dst=0x2ac508, _Src=0x43dcf0, _Size=0x30 | out: _Dst=0x2ac508) returned 0x2ac508 [0121.414] memcpy (in: _Dst=0x2ac538, _Src=0x2056cd0, _Size=0x26bc | out: _Dst=0x2ac538) returned 0x2ac538 [0121.414] memcpy (in: _Dst=0x2aebf8, _Src=0x2a71e8, _Size=0x30 | out: _Dst=0x2aebf8) returned 0x2aebf8 [0121.414] memcpy (in: _Dst=0x2aec28, _Src=0x2a7224, _Size=0x3d | out: _Dst=0x2aec28) returned 0x2aec28 [0121.414] memcpy (in: _Dst=0x2aec65, _Src=0x2a7274, _Size=0x40 | out: _Dst=0x2aec65) returned 0x2aec65 [0121.414] memcpy (in: _Dst=0x2aeca5, _Src=0x2a72c4, _Size=0x40 | out: _Dst=0x2aeca5) returned 0x2aeca5 [0121.414] memcpy (in: _Dst=0x2aece5, _Src=0x2a7314, _Size=0x6 | out: _Dst=0x2aece5) returned 0x2aece5 [0121.414] memcpy (in: _Dst=0x2aecf0, _Src=0x2a7370, _Size=0x38 | out: _Dst=0x2aecf0) returned 0x2aecf0 [0121.414] memcpy (in: _Dst=0x2aed28, _Src=0x2a73b4, _Size=0x14 | out: _Dst=0x2aed28) returned 0x2aed28 [0121.414] memcpy (in: _Dst=0x2aed40, _Src=0x2a7410, _Size=0x48 | out: _Dst=0x2aed40) returned 0x2aed40 [0121.415] memcpy (in: _Dst=0x2aed88, _Src=0x2a7464, _Size=0x3f | out: _Dst=0x2aed88) returned 0x2aed88 [0121.415] memcpy (in: _Dst=0x2aedc7, _Src=0x2a750c, _Size=0x14 | out: _Dst=0x2aedc7) returned 0x2aedc7 [0121.415] memcpy (in: _Dst=0x2aede0, _Src=0x2a7568, _Size=0x30 | out: _Dst=0x2aede0) returned 0x2aede0 [0121.415] memcpy (in: _Dst=0x2aee10, _Src=0x2a75a4, _Size=0x29 | out: _Dst=0x2aee10) returned 0x2aee10 [0121.415] memcpy (in: _Dst=0x2aee40, _Src=0x2a7600, _Size=0x90 | out: _Dst=0x2aee40) returned 0x2aee40 [0121.415] memcpy (in: _Dst=0x2aeed0, _Src=0x2a769c, _Size=0x3e | out: _Dst=0x2aeed0) returned 0x2aeed0 [0121.415] memcpy (in: _Dst=0x2aef0e, _Src=0x2a76fc, _Size=0x40 | out: _Dst=0x2aef0e) returned 0x2aef0e [0121.415] memcpy (in: _Dst=0x2aef4e, _Src=0x2a774c, _Size=0x3f | out: _Dst=0x2aef4e) returned 0x2aef4e [0121.415] memcpy (in: _Dst=0x2aef8d, _Src=0x2a779c, _Size=0x40 | out: _Dst=0x2aef8d) returned 0x2aef8d [0121.416] memcpy (in: _Dst=0x2aefcd, _Src=0x2a7864, _Size=0x3d | out: _Dst=0x2aefcd) returned 0x2aefcd [0121.416] memcpy (in: _Dst=0x2af00a, _Src=0x2a78c4, _Size=0x3f | out: _Dst=0x2af00a) returned 0x2af00a [0121.416] memcpy (in: _Dst=0x2af049, _Src=0x2a793c, _Size=0x3f | out: _Dst=0x2af049) returned 0x2af049 [0121.416] memcpy (in: _Dst=0x2af088, _Src=0x2a799c, _Size=0x3d | out: _Dst=0x2af088) returned 0x2af088 [0121.416] memcpy (in: _Dst=0x2af0c5, _Src=0x2a79ec, _Size=0x3e | out: _Dst=0x2af0c5) returned 0x2af0c5 [0121.416] memcpy (in: _Dst=0x2af103, _Src=0x2a7a3c, _Size=0x3f | out: _Dst=0x2af103) returned 0x2af103 [0121.416] memcpy (in: _Dst=0x2af142, _Src=0x2a7a8c, _Size=0x3f | out: _Dst=0x2af142) returned 0x2af142 [0121.416] memcpy (in: _Dst=0x2af181, _Src=0x2a7adc, _Size=0x3d | out: _Dst=0x2af181) returned 0x2af181 [0121.416] memcpy (in: _Dst=0x2af1be, _Src=0x2a7b44, _Size=0x40 | out: _Dst=0x2af1be) returned 0x2af1be [0121.417] memcpy (in: _Dst=0x2af1fe, _Src=0x2a7bac, _Size=0x3f | out: _Dst=0x2af1fe) returned 0x2af1fe [0121.417] memcpy (in: _Dst=0x2af23d, _Src=0x2a7bfc, _Size=0x40 | out: _Dst=0x2af23d) returned 0x2af23d [0121.417] memcpy (in: _Dst=0x2af27d, _Src=0x2a7c4c, _Size=0x40 | out: _Dst=0x2af27d) returned 0x2af27d [0121.417] memcpy (in: _Dst=0x2af2bd, _Src=0x2a7c9c, _Size=0x40 | out: _Dst=0x2af2bd) returned 0x2af2bd [0121.417] memcpy (in: _Dst=0x2af2fd, _Src=0x2a7cec, _Size=0x40 | out: _Dst=0x2af2fd) returned 0x2af2fd [0121.417] memcpy (in: _Dst=0x2af33d, _Src=0x2a7d54, _Size=0x40 | out: _Dst=0x2af33d) returned 0x2af33d [0121.417] memcpy (in: _Dst=0x2af37d, _Src=0x2a7da4, _Size=0x40 | out: _Dst=0x2af37d) returned 0x2af37d [0121.417] memcpy (in: _Dst=0x2af3bd, _Src=0x2a7df4, _Size=0x3f | out: _Dst=0x2af3bd) returned 0x2af3bd [0121.417] memcpy (in: _Dst=0x2af3fc, _Src=0x2a7e44, _Size=0x40 | out: _Dst=0x2af3fc) returned 0x2af3fc [0121.417] memcpy (in: _Dst=0x2af43c, _Src=0x2a7e94, _Size=0x3e | out: _Dst=0x2af43c) returned 0x2af43c [0121.417] memcpy (in: _Dst=0x2af47a, _Src=0x2a7ee4, _Size=0x9 | out: _Dst=0x2af47a) returned 0x2af47a [0121.417] memcpy (in: _Dst=0x2af488, _Src=0x2a7f40, _Size=0x60 | out: _Dst=0x2af488) returned 0x2af488 [0121.417] memcpy (in: _Dst=0x2af4e8, _Src=0x2a7fac, _Size=0x40 | out: _Dst=0x2af4e8) returned 0x2af4e8 [0121.418] memcpy (in: _Dst=0x2af528, _Src=0x2a7ffc, _Size=0x40 | out: _Dst=0x2af528) returned 0x2af528 [0121.418] memcpy (in: _Dst=0x2af568, _Src=0x2a804c, _Size=0x3d | out: _Dst=0x2af568) returned 0x2af568 [0121.418] memcpy (in: _Dst=0x2af5a5, _Src=0x2a809c, _Size=0x40 | out: _Dst=0x2af5a5) returned 0x2af5a5 [0121.418] memcpy (in: _Dst=0x2af5e5, _Src=0x2a80ec, _Size=0x3d | out: _Dst=0x2af5e5) returned 0x2af5e5 [0121.418] memcpy (in: _Dst=0x2af622, _Src=0x2a813c, _Size=0x40 | out: _Dst=0x2af622) returned 0x2af622 [0121.418] memcpy (in: _Dst=0x2af662, _Src=0x2a818c, _Size=0x40 | out: _Dst=0x2af662) returned 0x2af662 [0121.418] memcpy (in: _Dst=0x2af6a2, _Src=0x2a81dc, _Size=0x40 | out: _Dst=0x2af6a2) returned 0x2af6a2 [0121.418] memcpy (in: _Dst=0x2af6e2, _Src=0x2a822c, _Size=0x40 | out: _Dst=0x2af6e2) returned 0x2af6e2 [0121.418] memcpy (in: _Dst=0x2af722, _Src=0x2a827c, _Size=0x3f | out: _Dst=0x2af722) returned 0x2af722 [0121.418] memcpy (in: _Dst=0x2af768, _Src=0x2a82d8, _Size=0x48 | out: _Dst=0x2af768) returned 0x2af768 [0121.418] memcpy (in: _Dst=0x2af7b0, _Src=0x2a832c, _Size=0x40 | out: _Dst=0x2af7b0) returned 0x2af7b0 [0121.418] memcpy (in: _Dst=0x2af7f0, _Src=0x2a837c, _Size=0x3d | out: _Dst=0x2af7f0) returned 0x2af7f0 [0121.418] memcpy (in: _Dst=0x2af82d, _Src=0x2a83cc, _Size=0x9 | out: _Dst=0x2af82d) returned 0x2af82d [0121.418] ??2@YAPEAX_K@Z () returned 0x43c8c0 [0121.419] free (_Block=0x29dfd0) [0121.419] free (_Block=0x43ddc0) [0121.420] ??3@YAXPEAX@Z () returned 0x44005200820001 [0121.420] free (_Block=0x43ef60) [0121.420] free (_Block=0x43f990) [0121.421] free (_Block=0x2a7820) [0121.421] free (_Block=0x2a3810) [0121.421] free (_Block=0x2a1800) [0121.422] free (_Block=0x2a07f0) [0121.422] free (_Block=0x29ffe0) [0121.422] free (_Block=0x43f580) [0121.423] free (_Block=0x43f370) [0121.423] free (_Block=0x43a100) [0121.423] ??2@YAPEAX_K@Z () returned 0x43d6c0 [0121.423] ??2@YAPEAX_K@Z () returned 0x43ddc0 [0121.423] malloc (_Size=0x10) returned 0x43c8a0 [0121.424] memcpy (in: _Dst=0x43c8a0, _Src=0x16e9a0, _Size=0x10 | out: _Dst=0x43c8a0) returned 0x43c8a0 [0121.424] free (_Block=0x43dcf0) [0121.425] GetUserDefaultLCID () returned 0x409 [0121.425] GetACP () returned 0x4e4 [0121.425] ??3@YAXPEAX@Z () returned 0x440053007e0001 [0121.425] ISystemDebugEventFire:EndSession (This=0x229040) returned 0x0 [0121.425] IUnknown:Release (This=0x229040) returned 0x1 [0121.425] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.425] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.426] IUnknown:Release (This=0x229040) returned 0x0 [0121.426] DllRegisterServer () returned 0x0 [0121.427] XSLTemplate:IXSLTemplate:createProcessor (in: This=0x2047620, ppProcessor=0x16ef60 | out: ppProcessor=0x16ef60*=0x2048df0) returned 0x0 [0121.427] FreeThreadedDOMDocument:IUnknown:AddRef (This=0x20471d0) returned 0x2 [0121.427] IXSLProcessor:put_input (This=0x2048df0, input=0x16f1a0*(varType=0x9, wReserved1=0xf3fa, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x20471d0, varVal2=0x1)) returned 0x0 [0121.427] GetStdHandle (nStdHandle=0xfffffff5) returned 0x1a0 [0121.428] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1a0, lpConsoleScreenBufferInfo=0x16ee60 | out: lpConsoleScreenBufferInfo=0x16ee60) returned 0 [0121.428] GetStdHandle (nStdHandle=0xfffffff5) returned 0x1a0 [0121.428] GetFileType (hFile=0x1a0) returned 0x3 [0121.428] IXSLProcessor:transform (in: This=0x2048df0, pDone=0x16f218 | out: pDone=0x16f218*=0xffff) returned 0x0 [0121.446] GetCurrentThreadId () returned 0xe10 [0121.446] ??2@YAPEAX_K@Z () returned 0x43db90 [0121.446] ??2@YAPEAX_K@Z () returned 0x438740 [0121.446] GetCurrentThreadId () returned 0xe10 [0121.446] ??2@YAPEAX_K@Z () returned 0x43dc60 [0121.449] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0121.449] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x16ec80, cchData=6 | out: lpLCData="1252") returned 5 [0121.450] IsValidCodePage (CodePage=0x4e4) returned 1 [0121.450] DllRegisterServer () returned 0x0 [0121.450] CoCreateInstance (in: rclsid=0x7fef493d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef493d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x43da68 | out: ppv=0x43da68*=0x229040) returned 0x0 [0121.451] IUnknown:AddRef (This=0x229040) returned 0x2 [0121.451] GetCurrentProcessId () returned 0xe0c [0121.451] GetCurrentThreadId () returned 0xe10 [0121.451] GetTickCount () returned 0x14dd030 [0121.451] ISystemDebugEventFire:BeginSession (This=0x229040, guidSourceID=0x7fef493d5d8, strSessionName="VBScript:00003596:00003600:21876784") returned 0x0 [0121.451] GetCurrentThreadId () returned 0xe10 [0121.451] ??2@YAPEAX_K@Z () returned 0x43dcf0 [0121.452] ??2@YAPEAX_K@Z () returned 0x43c880 [0121.453] ??2@YAPEAX_K@Z () returned 0x43dd40 [0121.453] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.456] malloc (_Size=0x988) returned 0x43ddf0 [0121.456] GetCurrentThreadId () returned 0xe10 [0121.457] DllRegisterServer () returned 0x0 [0121.457] ??2@YAPEAX_K@Z () returned 0x43e780 [0121.495] ??2@YAPEAX_K@Z () returned 0x43e7d0 [0121.495] malloc (_Size=0x80) returned 0x43e8d0 [0121.496] malloc (_Size=0x108) returned 0x43a100 [0121.496] memcpy (in: _Dst=0x43a148, _Src=0x2ab868, _Size=0x1a | out: _Dst=0x43a148) returned 0x43a148 [0121.496] ??2@YAPEAX_K@Z () returned 0x43e960 [0121.496] memcpy (in: _Dst=0x43a1a8, _Src=0x2ab88c, _Size=0xc | out: _Dst=0x43a1a8) returned 0x43a1a8 [0121.496] ??2@YAPEAX_K@Z () returned 0x43e9b0 [0121.497] malloc (_Size=0x208) returned 0x43ea00 [0121.497] memcpy (in: _Dst=0x43ea48, _Src=0x2ab8a0, _Size=0x18 | out: _Dst=0x43ea48) returned 0x43ea48 [0121.497] ??2@YAPEAX_K@Z () returned 0x43ec10 [0121.498] memcpy (in: _Dst=0x43eaa0, _Src=0x2ab8c0, _Size=0x14 | out: _Dst=0x43eaa0) returned 0x43eaa0 [0121.498] ??2@YAPEAX_K@Z () returned 0x43ec60 [0121.498] memcpy (in: _Dst=0x43eaf8, _Src=0x2ab8dc, _Size=0x1c | out: _Dst=0x43eaf8) returned 0x43eaf8 [0121.498] ??2@YAPEAX_K@Z () returned 0x43ecb0 [0121.499] memcpy (in: _Dst=0x43eb58, _Src=0x2ab900, _Size=0x14 | out: _Dst=0x43eb58) returned 0x43eb58 [0121.499] GetCurrentThreadId () returned 0xe10 [0121.500] memcpy (in: _Dst=0x43ebb0, _Src=0x2ab91c, _Size=0xc | out: _Dst=0x43ebb0) returned 0x43ebb0 [0121.500] GetCurrentThreadId () returned 0xe10 [0121.500] malloc (_Size=0x408) returned 0x43ed00 [0121.500] memcpy (in: _Dst=0x43ed48, _Src=0x2ab930, _Size=0x12 | out: _Dst=0x43ed48) returned 0x43ed48 [0121.500] GetCurrentThreadId () returned 0xe10 [0121.501] memcpy (in: _Dst=0x43eda0, _Src=0x2ab94c, _Size=0xe | out: _Dst=0x43eda0) returned 0x43eda0 [0121.501] GetCurrentThreadId () returned 0xe10 [0121.501] memcpy (in: _Dst=0x43edf0, _Src=0x2ab964, _Size=0x6 | out: _Dst=0x43edf0) returned 0x43edf0 [0121.501] GetCurrentThreadId () returned 0xe10 [0121.502] memcpy (in: _Dst=0x43ee38, _Src=0x2ab974, _Size=0xc | out: _Dst=0x43ee38) returned 0x43ee38 [0121.502] GetCurrentThreadId () returned 0xe10 [0121.503] memcpy (in: _Dst=0x43ee88, _Src=0x2ab988, _Size=0x12 | out: _Dst=0x43ee88) returned 0x43ee88 [0121.503] GetCurrentThreadId () returned 0xe10 [0121.503] memcpy (in: _Dst=0x43eee0, _Src=0x2ab9a4, _Size=0x14 | out: _Dst=0x43eee0) returned 0x43eee0 [0121.503] GetCurrentThreadId () returned 0xe10 [0121.504] memcpy (in: _Dst=0x43ef38, _Src=0x2ab9c0, _Size=0xa | out: _Dst=0x43ef38) returned 0x43ef38 [0121.504] GetCurrentThreadId () returned 0xe10 [0121.504] memcpy (in: _Dst=0x43ef88, _Src=0x2ab9d4, _Size=0x1a | out: _Dst=0x43ef88) returned 0x43ef88 [0121.505] ??2@YAPEAX_K@Z () returned 0x43f110 [0121.780] GetCurrentThreadId () returned 0xe10 [0121.780] DllRegisterServer () returned 0x0 [0121.780] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.780] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.781] GetCurrentThreadId () returned 0xe10 [0121.782] DllRegisterServer () returned 0x0 [0121.783] GetCurrentThreadId () returned 0xe10 [0121.783] realloc (_Block=0x0, _Size=0xc8) returned 0x43f5d0 [0121.783] memcpy (in: _Dst=0x43f5d0, _Src=0x7fef4950800, _Size=0x10 | out: _Dst=0x43f5d0) returned 0x43f5d0 [0121.783] memcpy (in: _Dst=0x43f5e0, _Src=0x7fef493f2c8, _Size=0x6 | out: _Dst=0x43f5e0) returned 0x43f5e0 [0121.783] memcpy (in: _Dst=0x43f5e6, _Src=0x7fef493f2d0, _Size=0x18 | out: _Dst=0x43f5e6) returned 0x43f5e6 [0121.783] ??2@YAPEAX_K@Z () returned 0x4387c0 [0121.783] malloc (_Size=0x1008) returned 0x2af840 [0121.784] ??2@YAPEAX_K@Z () returned 0x43f6a0 [0121.784] malloc (_Size=0x2008) returned 0x2b0850 [0121.784] memcpy (in: _Dst=0x2b0884, _Src=0x27319d0, _Size=0x18 | out: _Dst=0x2b0884) returned 0x2b0884 [0121.784] malloc (_Size=0x108) returned 0x43a210 [0121.784] memcpy (in: _Dst=0x2b08d4, _Src=0x27319ea, _Size=0x8 | out: _Dst=0x2b08d4) returned 0x2b08d4 [0121.785] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.785] malloc (_Size=0x208) returned 0x43f6a0 [0121.785] malloc (_Size=0x40) returned 0x43dd40 [0121.785] malloc (_Size=0x138) returned 0x43f8b0 [0121.785] memcpy (in: _Dst=0x43f8b0, _Src=0x16e560, _Size=0x30 | out: _Dst=0x43f8b0) returned 0x43f8b0 [0121.785] memcpy (in: _Dst=0x43f8e8, _Src=0x2b08d4, _Size=0xa | out: _Dst=0x43f8e8) returned 0x43f8e8 [0121.786] memcpy (in: _Dst=0x43f8fc, _Src=0x2b0884, _Size=0x1a | out: _Dst=0x43f8fc) returned 0x43f8fc [0121.786] memcpy (in: _Dst=0x43f918, _Src=0x0, _Size=0x0 | out: _Dst=0x43f918) returned 0x43f918 [0121.786] memcpy (in: _Dst=0x43f918, _Src=0x43dd40, _Size=0x8 | out: _Dst=0x43f918) returned 0x43f918 [0121.786] memcpy (in: _Dst=0x43f928, _Src=0x16eb20, _Size=0x20 | out: _Dst=0x43f928) returned 0x43f928 [0121.786] memcpy (in: _Dst=0x43f948, _Src=0x43f5d0, _Size=0x30 | out: _Dst=0x43f948) returned 0x43f948 [0121.786] memcpy (in: _Dst=0x43f978, _Src=0x27319d0, _Size=0x24 | out: _Dst=0x43f978) returned 0x43f978 [0121.786] memcpy (in: _Dst=0x43f9a0, _Src=0x43f6c0, _Size=0x30 | out: _Dst=0x43f9a0) returned 0x43f9a0 [0121.786] memcpy (in: _Dst=0x43f9d0, _Src=0x43f6fc, _Size=0x13 | out: _Dst=0x43f9d0) returned 0x43f9d0 [0121.786] ??2@YAPEAX_K@Z () returned 0x43c8e0 [0121.787] free (_Block=0x2b0850) [0121.789] free (_Block=0x2af840) [0121.789] ??3@YAXPEAX@Z () returned 0x44005400820001 [0121.789] free (_Block=0x43dd40) [0121.790] free (_Block=0x43f6a0) [0121.790] free (_Block=0x43a210) [0121.790] ??2@YAPEAX_K@Z () returned 0x43dd40 [0121.791] realloc (_Block=0x43c8a0, _Size=0x40) returned 0x43f6a0 [0121.791] memcpy (in: _Dst=0x43f6b0, _Src=0x16ea00, _Size=0x10 | out: _Dst=0x43f6b0) returned 0x43f6b0 [0121.791] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.792] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.793] GetCurrentThreadId () returned 0xe10 [0121.793] DllRegisterServer () returned 0x0 [0121.794] memcpy (in: _Dst=0x43efe8, _Src=0x43f8e8, _Size=0xa | out: _Dst=0x43efe8) returned 0x43efe8 [0121.796] GetCurrentThreadId () returned 0xe10 [0121.796] DllRegisterServer () returned 0x0 [0121.797] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.797] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.798] free (_Block=0x43f8b0) [0121.798] ??3@YAXPEAX@Z () returned 0x43010400540001 [0121.798] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.798] free (_Block=0x43f5d0) [0121.799] GetCurrentThreadId () returned 0xe10 [0121.799] realloc (_Block=0x0, _Size=0xc8) returned 0x43f5d0 [0121.799] memcpy (in: _Dst=0x43f5d0, _Src=0x7fef4950800, _Size=0x10 | out: _Dst=0x43f5d0) returned 0x43f5d0 [0121.799] memcpy (in: _Dst=0x43f5e0, _Src=0x7fef493f2c8, _Size=0x6 | out: _Dst=0x43f5e0) returned 0x43f5e0 [0121.799] memcpy (in: _Dst=0x43f5e6, _Src=0x7fef493f2d0, _Size=0x18 | out: _Dst=0x43f5e6) returned 0x43f5e6 [0121.800] ??2@YAPEAX_K@Z () returned 0x4387c0 [0121.800] malloc (_Size=0x1008) returned 0x2af840 [0121.800] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.800] malloc (_Size=0x2008) returned 0x2b0850 [0121.800] memcpy (in: _Dst=0x2b0884, _Src=0x2731aa0, _Size=0x16 | out: _Dst=0x2b0884) returned 0x2b0884 [0121.800] malloc (_Size=0x108) returned 0x43a210 [0121.800] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.801] malloc (_Size=0x208) returned 0x43f6f0 [0121.801] malloc (_Size=0x40) returned 0x43dd40 [0121.801] malloc (_Size=0x110) returned 0x43f900 [0121.801] memcpy (in: _Dst=0x43f900, _Src=0x16e560, _Size=0x30 | out: _Dst=0x43f900) returned 0x43f900 [0121.801] memcpy (in: _Dst=0x43f938, _Src=0x2b0884, _Size=0x18 | out: _Dst=0x43f938) returned 0x43f938 [0121.801] memcpy (in: _Dst=0x43f950, _Src=0x0, _Size=0x0 | out: _Dst=0x43f950) returned 0x43f950 [0121.801] memcpy (in: _Dst=0x43f950, _Src=0x43dd40, _Size=0x8 | out: _Dst=0x43f950) returned 0x43f950 [0121.801] memcpy (in: _Dst=0x43f960, _Src=0x16eb20, _Size=0x20 | out: _Dst=0x43f960) returned 0x43f960 [0121.801] memcpy (in: _Dst=0x43f980, _Src=0x43f5d0, _Size=0x30 | out: _Dst=0x43f980) returned 0x43f980 [0121.802] memcpy (in: _Dst=0x43f9b0, _Src=0x2731aa0, _Size=0x1a | out: _Dst=0x43f9b0) returned 0x43f9b0 [0121.802] memcpy (in: _Dst=0x43f9d0, _Src=0x43f710, _Size=0x30 | out: _Dst=0x43f9d0) returned 0x43f9d0 [0121.802] memcpy (in: _Dst=0x43fa00, _Src=0x43f74c, _Size=0xe | out: _Dst=0x43fa00) returned 0x43fa00 [0121.802] ??2@YAPEAX_K@Z () returned 0x43c8e0 [0121.802] free (_Block=0x2b0850) [0121.803] free (_Block=0x2af840) [0121.803] ??3@YAXPEAX@Z () returned 0x44005500820001 [0121.803] free (_Block=0x43dd40) [0121.803] free (_Block=0x43f6f0) [0121.803] free (_Block=0x43a210) [0121.804] ??2@YAPEAX_K@Z () returned 0x43dd40 [0121.804] memcpy (in: _Dst=0x43f6b0, _Src=0x16ea00, _Size=0x10 | out: _Dst=0x43f6b0) returned 0x43f6b0 [0121.804] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.805] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.806] GetCurrentThreadId () returned 0xe10 [0121.806] DllRegisterServer () returned 0x0 [0121.808] GetCurrentThreadId () returned 0xe10 [0121.808] DllRegisterServer () returned 0x0 [0121.808] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.808] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.809] free (_Block=0x43f900) [0121.809] ??3@YAXPEAX@Z () returned 0x43010500540001 [0121.809] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.809] free (_Block=0x43f5d0) [0121.810] GetCurrentThreadId () returned 0xe10 [0121.810] realloc (_Block=0x0, _Size=0xc8) returned 0x43f5d0 [0121.810] memcpy (in: _Dst=0x43f5d0, _Src=0x7fef4950800, _Size=0x10 | out: _Dst=0x43f5d0) returned 0x43f5d0 [0121.810] memcpy (in: _Dst=0x43f5e0, _Src=0x7fef493f2c8, _Size=0x6 | out: _Dst=0x43f5e0) returned 0x43f5e0 [0121.810] memcpy (in: _Dst=0x43f5e6, _Src=0x7fef493f2d0, _Size=0x18 | out: _Dst=0x43f5e6) returned 0x43f5e6 [0121.810] ??2@YAPEAX_K@Z () returned 0x4387c0 [0121.810] malloc (_Size=0x1008) returned 0x2af840 [0121.811] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.811] malloc (_Size=0x2008) returned 0x2b0850 [0121.811] memcpy (in: _Dst=0x2b0884, _Src=0x2731c50, _Size=0x12 | out: _Dst=0x2b0884) returned 0x2b0884 [0121.811] malloc (_Size=0x108) returned 0x43a210 [0121.811] memcpy (in: _Dst=0x2b08cc, _Src=0x2731c64, _Size=0x8 | out: _Dst=0x2b08cc) returned 0x2b08cc [0121.811] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.811] malloc (_Size=0x208) returned 0x43f6f0 [0121.812] malloc (_Size=0x40) returned 0x43dd40 [0121.812] malloc (_Size=0x128) returned 0x43f900 [0121.812] memcpy (in: _Dst=0x43f900, _Src=0x16e560, _Size=0x30 | out: _Dst=0x43f900) returned 0x43f900 [0121.812] memcpy (in: _Dst=0x43f938, _Src=0x2b08cc, _Size=0xa | out: _Dst=0x43f938) returned 0x43f938 [0121.812] memcpy (in: _Dst=0x43f94c, _Src=0x2b0884, _Size=0x14 | out: _Dst=0x43f94c) returned 0x43f94c [0121.812] memcpy (in: _Dst=0x43f960, _Src=0x0, _Size=0x0 | out: _Dst=0x43f960) returned 0x43f960 [0121.812] memcpy (in: _Dst=0x43f960, _Src=0x43dd40, _Size=0x8 | out: _Dst=0x43f960) returned 0x43f960 [0121.812] memcpy (in: _Dst=0x43f970, _Src=0x16eb20, _Size=0x20 | out: _Dst=0x43f970) returned 0x43f970 [0121.812] memcpy (in: _Dst=0x43f990, _Src=0x43f5d0, _Size=0x30 | out: _Dst=0x43f990) returned 0x43f990 [0121.813] memcpy (in: _Dst=0x43f9c0, _Src=0x2731c50, _Size=0x1e | out: _Dst=0x43f9c0) returned 0x43f9c0 [0121.813] memcpy (in: _Dst=0x43f9e0, _Src=0x43f710, _Size=0x30 | out: _Dst=0x43f9e0) returned 0x43f9e0 [0121.813] memcpy (in: _Dst=0x43fa10, _Src=0x43f74c, _Size=0x13 | out: _Dst=0x43fa10) returned 0x43fa10 [0121.813] ??2@YAPEAX_K@Z () returned 0x43c8e0 [0121.813] free (_Block=0x2b0850) [0121.814] free (_Block=0x2af840) [0121.814] ??3@YAXPEAX@Z () returned 0x44005600820001 [0121.814] free (_Block=0x43dd40) [0121.814] free (_Block=0x43f6f0) [0121.815] free (_Block=0x43a210) [0121.815] ??2@YAPEAX_K@Z () returned 0x43dd40 [0121.815] memcpy (in: _Dst=0x43f6b0, _Src=0x16ea00, _Size=0x10 | out: _Dst=0x43f6b0) returned 0x43f6b0 [0121.816] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.816] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.817] GetCurrentThreadId () returned 0xe10 [0121.817] DllRegisterServer () returned 0x0 [0121.819] IUnknown:QueryInterface (in: This=0x2054340, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16d900 | out: ppvObject=0x16d900*=0x2054370) returned 0x0 [0121.819] IUnknown:Release (This=0x2054340) returned 0x1 [0121.819] IUnknown:QueryInterface (in: This=0x2054370, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16dc00 | out: ppvObject=0x16dc00*=0x2054370) returned 0x0 [0121.820] IDispatchEx:GetDispId (in: This=0x2054370, bstrName="GetNamedItem", grfdex=0x8, pid=0x16db68 | out: pid=0x16db68*=83) returned 0x0 [0121.820] IUnknown:Release (This=0x2054370) returned 0x1 [0121.820] IUnknown:AddRef (This=0x2054370) returned 0x2 [0121.820] IUnknown:QueryInterface (in: This=0x2054370, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16d8f0 | out: ppvObject=0x16d8f0*=0x2054370) returned 0x0 [0121.820] ??2@YAPEAX_K@Z () returned 0x43f740 [0121.822] IDispatchEx:InvokeEx (in: This=0x2054370, id=83, lcid=0x409, wFlags=0x3, pdp=0x16d8c8*(rgvarg=([0]=0x43e490*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NAME", varVal2=0x29e758)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarRes=0x16db08, pei=0x16d910, pspCaller=0x43f740 | out: pdp=0x16d8c8*(rgvarg=([0]=0x43e490*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NAME", varVal2=0x29e758)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarRes=0x16db08*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x204a280, varVal2=0x0), pei=0x16d910*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0)) returned 0x0 [0121.822] IUnknown:Release (This=0x2054370) returned 0x2 [0121.822] IUnknown:Release (This=0x2054370) returned 0x1 [0121.822] IUnknown:QueryInterface (in: This=0x204a280, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16d900 | out: ppvObject=0x16d900*=0x204a2b0) returned 0x0 [0121.822] IUnknown:Release (This=0x204a280) returned 0x1 [0121.822] IUnknown:QueryInterface (in: This=0x204a2b0, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16dc18 | out: ppvObject=0x16dc18*=0x204a2b0) returned 0x0 [0121.823] IDispatchEx:GetDispId (in: This=0x204a2b0, bstrName="Value", grfdex=0x8, pid=0x16db6c | out: pid=0x16db6c*=120) returned 0x0 [0121.823] IUnknown:Release (This=0x204a2b0) returned 0x1 [0121.823] IUnknown:AddRef (This=0x204a2b0) returned 0x2 [0121.823] IUnknown:QueryInterface (in: This=0x204a2b0, riid=0x7fef493d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x16d8f0 | out: ppvObject=0x16d8f0*=0x204a2b0) returned 0x0 [0121.824] IDispatchEx:InvokeEx (in: This=0x204a2b0, id=120, lcid=0x409, wFlags=0x3, pdp=0x16d8c8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarRes=0x43e4a8, pei=0x16d910, pspCaller=0x43f740 | out: pdp=0x16d8c8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarRes=0x43e4a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x0), pei=0x16d910*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0)) returned 0x0 [0121.824] IUnknown:Release (This=0x204a2b0) returned 0x2 [0121.824] IUnknown:Release (This=0x204a2b0) returned 0x1 [0121.826] memcpy (in: _Dst=0x43f038, _Src=0x7fef4951978, _Size=0x10 | out: _Dst=0x43f038) returned 0x43f038 [0121.827] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="PROPERTY", cchCount1=8, lpString2="Property.Array", cchCount2=14) returned 1 [0121.828] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="PROPERTY", cchCount1=8, lpString2="Property.Reference", cchCount2=18) returned 1 [0121.830] memcpy (in: _Dst=0x43f088, _Src=0x7fef4953a60, _Size=0xa | out: _Dst=0x43f088) returned 0x43f088 [0121.830] memcpy (in: _Dst=0x43f0d8, _Src=0x7fef4952208, _Size=0x10 | out: _Dst=0x43f0d8) returned 0x43f0d8 [0121.831] memcpy (in: _Dst=0x2162c8, _Src=0x216188, _Size=0x36 | out: _Dst=0x2162c8) returned 0x2162c8 [0121.832] malloc (_Size=0x808) returned 0x2af840 [0121.832] memcpy (in: _Dst=0x2af888, _Src=0x7fef4953b10, _Size=0xa | out: _Dst=0x2af888) returned 0x2af888 [0121.832] memcpy (in: _Dst=0x216d68, _Src=0x216188, _Size=0x36 | out: _Dst=0x216d68) returned 0x216d68 [0121.833] GetCurrentThreadId () returned 0xe10 [0121.834] DllRegisterServer () returned 0x0 [0121.834] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.834] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.835] free (_Block=0x43f900) [0121.835] ??3@YAXPEAX@Z () returned 0x43010600540001 [0121.835] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.835] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.835] free (_Block=0x43f5d0) [0121.836] GetCurrentThreadId () returned 0xe10 [0121.836] realloc (_Block=0x0, _Size=0xc8) returned 0x43f5d0 [0121.836] memcpy (in: _Dst=0x43f5d0, _Src=0x7fef4950800, _Size=0x10 | out: _Dst=0x43f5d0) returned 0x43f5d0 [0121.836] memcpy (in: _Dst=0x43f5e0, _Src=0x7fef493f2c8, _Size=0x6 | out: _Dst=0x43f5e0) returned 0x43f5e0 [0121.836] memcpy (in: _Dst=0x43f5e6, _Src=0x7fef493f2d0, _Size=0x18 | out: _Dst=0x43f5e6) returned 0x43f5e6 [0121.837] ??2@YAPEAX_K@Z () returned 0x4387c0 [0121.837] malloc (_Size=0x1008) returned 0x2b0050 [0121.837] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.838] malloc (_Size=0x2008) returned 0x2b1060 [0121.838] memcpy (in: _Dst=0x2b1094, _Src=0x27318e0, _Size=0x1a | out: _Dst=0x2b1094) returned 0x2b1094 [0121.838] malloc (_Size=0x108) returned 0x43a210 [0121.838] memcpy (in: _Dst=0x2b10e4, _Src=0x27318fc, _Size=0x8 | out: _Dst=0x2b10e4) returned 0x2b10e4 [0121.838] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.838] malloc (_Size=0x208) returned 0x43f6f0 [0121.839] malloc (_Size=0x40) returned 0x43dd40 [0121.839] malloc (_Size=0x138) returned 0x43f900 [0121.839] memcpy (in: _Dst=0x43f900, _Src=0x16e560, _Size=0x30 | out: _Dst=0x43f900) returned 0x43f900 [0121.839] memcpy (in: _Dst=0x43f938, _Src=0x2b10e4, _Size=0xa | out: _Dst=0x43f938) returned 0x43f938 [0121.839] memcpy (in: _Dst=0x43f94c, _Src=0x2b1094, _Size=0x1c | out: _Dst=0x43f94c) returned 0x43f94c [0121.839] memcpy (in: _Dst=0x43f968, _Src=0x0, _Size=0x0 | out: _Dst=0x43f968) returned 0x43f968 [0121.839] memcpy (in: _Dst=0x43f968, _Src=0x43dd40, _Size=0x8 | out: _Dst=0x43f968) returned 0x43f968 [0121.839] memcpy (in: _Dst=0x43f978, _Src=0x16eb20, _Size=0x20 | out: _Dst=0x43f978) returned 0x43f978 [0121.839] memcpy (in: _Dst=0x43f998, _Src=0x43f5d0, _Size=0x30 | out: _Dst=0x43f998) returned 0x43f998 [0121.839] memcpy (in: _Dst=0x43f9c8, _Src=0x27318e0, _Size=0x26 | out: _Dst=0x43f9c8) returned 0x43f9c8 [0121.839] memcpy (in: _Dst=0x43f9f0, _Src=0x43f710, _Size=0x30 | out: _Dst=0x43f9f0) returned 0x43f9f0 [0121.840] memcpy (in: _Dst=0x43fa20, _Src=0x43f74c, _Size=0x13 | out: _Dst=0x43fa20) returned 0x43fa20 [0121.840] ??2@YAPEAX_K@Z () returned 0x43c8e0 [0121.840] free (_Block=0x2b1060) [0121.840] free (_Block=0x2b0050) [0121.841] ??3@YAXPEAX@Z () returned 0x44005700820001 [0121.841] free (_Block=0x43dd40) [0121.841] free (_Block=0x43f6f0) [0121.841] free (_Block=0x43a210) [0121.841] ??2@YAPEAX_K@Z () returned 0x43dd40 [0121.842] memcpy (in: _Dst=0x43f6b0, _Src=0x16ea00, _Size=0x10 | out: _Dst=0x43f6b0) returned 0x43f6b0 [0121.842] ??2@YAPEAX_K@Z () returned 0x43f6f0 [0121.843] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.843] GetCurrentThreadId () returned 0xe10 [0121.844] DllRegisterServer () returned 0x0 [0121.845] realloc (_Block=0x0, _Size=0x140) returned 0x43f740 [0121.846] memcpy (in: _Dst=0x43f740, _Src=0x43e820, _Size=0xa0 | out: _Dst=0x43f740) returned 0x43f740 [0121.846] memcpy (in: _Dst=0x2af8d8, _Src=0x7fef4950398, _Size=0x8 | out: _Dst=0x2af8d8) returned 0x2af8d8 [0121.846] memcpy (in: _Dst=0x2af920, _Src=0x7fef49503f0, _Size=0x8 | out: _Dst=0x2af920) returned 0x2af920 [0121.846] memcpy (in: _Dst=0x241c48, _Src=0x241d08, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.846] memcpy (in: _Dst=0x2af968, _Src=0x7fef4951c40, _Size=0xa | out: _Dst=0x2af968) returned 0x2af968 [0121.847] memcpy (in: _Dst=0x241c48, _Src=0x241d0a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.847] memcpy (in: _Dst=0x241c48, _Src=0x241d0c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.847] memcpy (in: _Dst=0x241c48, _Src=0x241d0e, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.850] memcpy (in: _Dst=0x241c48, _Src=0x216d68, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.851] memcpy (in: _Dst=0x241c48, _Src=0x216d6a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.851] memcpy (in: _Dst=0x241c48, _Src=0x216d6c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.852] memcpy (in: _Dst=0x241c48, _Src=0x216d6e, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.852] memcpy (in: _Dst=0x241c48, _Src=0x216d70, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.853] memcpy (in: _Dst=0x241c48, _Src=0x216d72, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.853] memcpy (in: _Dst=0x241c48, _Src=0x216d74, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.854] memcpy (in: _Dst=0x241c48, _Src=0x216d76, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.854] memcpy (in: _Dst=0x241c48, _Src=0x216d78, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.855] memcpy (in: _Dst=0x241c48, _Src=0x216d7a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.855] memcpy (in: _Dst=0x241c48, _Src=0x216d7c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.856] memcpy (in: _Dst=0x241c48, _Src=0x216d7e, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.856] memcpy (in: _Dst=0x241c48, _Src=0x216d80, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.857] memcpy (in: _Dst=0x241c48, _Src=0x216d82, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.857] memcpy (in: _Dst=0x241c48, _Src=0x216d84, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.858] memcpy (in: _Dst=0x241c48, _Src=0x216d86, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.858] memcpy (in: _Dst=0x241c48, _Src=0x216d88, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.859] memcpy (in: _Dst=0x241c48, _Src=0x216d8a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.859] memcpy (in: _Dst=0x241c48, _Src=0x216d8c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.860] memcpy (in: _Dst=0x241c48, _Src=0x216d8e, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.860] memcpy (in: _Dst=0x241c48, _Src=0x216d90, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.861] memcpy (in: _Dst=0x241c48, _Src=0x216d92, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.861] memcpy (in: _Dst=0x241c48, _Src=0x216d94, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.862] memcpy (in: _Dst=0x241c48, _Src=0x216d96, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.862] memcpy (in: _Dst=0x241c48, _Src=0x216d98, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.863] memcpy (in: _Dst=0x241c48, _Src=0x216d9a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.863] memcpy (in: _Dst=0x241c48, _Src=0x216d9c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.866] memcpy (in: _Dst=0x241c48, _Src=0x241d08, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.867] memcpy (in: _Dst=0x241c48, _Src=0x241d0a, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.867] memcpy (in: _Dst=0x241c48, _Src=0x241d0c, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.868] memcpy (in: _Dst=0x241c48, _Src=0x241d0e, _Size=0x2 | out: _Dst=0x241c48) returned 0x241c48 [0121.874] memcpy (in: _Dst=0x241d38, _Src=0x241c48, _Size=0x0 | out: _Dst=0x241d38) returned 0x241d38 [0121.874] memcpy (in: _Dst=0x241d38, _Src=0x241d08, _Size=0x8 | out: _Dst=0x241d38) returned 0x241d38 [0121.875] memcpy (in: _Dst=0x230ea8, _Src=0x2161d8, _Size=0x20 | out: _Dst=0x230ea8) returned 0x230ea8 [0121.875] memcpy (in: _Dst=0x230ec8, _Src=0x2161d8, _Size=0x20 | out: _Dst=0x230ec8) returned 0x230ec8 [0121.876] memcpy (in: _Dst=0x2af9b8, _Src=0x7fef49503c0, _Size=0xa | out: _Dst=0x2af9b8) returned 0x2af9b8 [0121.876] memcpy (in: _Dst=0x2161d8, _Src=0x230ea8, _Size=0x32 | out: _Dst=0x2161d8) returned 0x2161d8 [0121.877] memcpy (in: _Dst=0x230ea8, _Src=0x241d38, _Size=0x8 | out: _Dst=0x230ea8) returned 0x230ea8 [0121.877] memcpy (in: _Dst=0x230eb0, _Src=0x2161d8, _Size=0x32 | out: _Dst=0x230eb0) returned 0x230eb0 [0121.879] memcpy (in: _Dst=0x241d38, _Src=0x216d68, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.879] memcpy (in: _Dst=0x241d38, _Src=0x216d6a, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.880] memcpy (in: _Dst=0x241d38, _Src=0x216d6c, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.880] memcpy (in: _Dst=0x241d38, _Src=0x216d6e, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.881] memcpy (in: _Dst=0x241d38, _Src=0x216d70, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.881] memcpy (in: _Dst=0x241d38, _Src=0x216d72, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.882] memcpy (in: _Dst=0x241d38, _Src=0x216d74, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.882] memcpy (in: _Dst=0x241d38, _Src=0x216d76, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.883] memcpy (in: _Dst=0x241d38, _Src=0x216d78, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.884] memcpy (in: _Dst=0x241d38, _Src=0x216d7a, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.885] memcpy (in: _Dst=0x241d38, _Src=0x216d7c, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.885] memcpy (in: _Dst=0x241d38, _Src=0x216d7e, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.886] memcpy (in: _Dst=0x241d38, _Src=0x216d80, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.886] memcpy (in: _Dst=0x241d38, _Src=0x216d82, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.887] memcpy (in: _Dst=0x241d38, _Src=0x216d84, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.887] memcpy (in: _Dst=0x241d38, _Src=0x216d86, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.888] memcpy (in: _Dst=0x241d38, _Src=0x216d88, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.888] memcpy (in: _Dst=0x241d38, _Src=0x216d8a, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.889] memcpy (in: _Dst=0x241d38, _Src=0x216d8c, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.889] memcpy (in: _Dst=0x241d38, _Src=0x216d8e, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.890] memcpy (in: _Dst=0x241d38, _Src=0x216d90, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.890] memcpy (in: _Dst=0x241d38, _Src=0x216d92, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.891] memcpy (in: _Dst=0x241d38, _Src=0x216d94, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.891] memcpy (in: _Dst=0x241d38, _Src=0x216d96, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.892] memcpy (in: _Dst=0x241d38, _Src=0x216d98, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.893] memcpy (in: _Dst=0x241d38, _Src=0x216d9a, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.893] memcpy (in: _Dst=0x241d38, _Src=0x216d9c, _Size=0x2 | out: _Dst=0x241d38) returned 0x241d38 [0121.895] memcpy (in: _Dst=0x2161d8, _Src=0x241d38, _Size=0x0 | out: _Dst=0x2161d8) returned 0x2161d8 [0121.895] memcpy (in: _Dst=0x2161d8, _Src=0x216d68, _Size=0x36 | out: _Dst=0x2161d8) returned 0x2161d8 [0121.896] memcpy (in: _Dst=0x241c48, _Src=0x216188, _Size=0x4 | out: _Dst=0x241c48) returned 0x241c48 [0121.897] memcpy (in: _Dst=0x1f6dd8, _Src=0x2161d8, _Size=0x36 | out: _Dst=0x1f6dd8) returned 0x1f6dd8 [0121.897] memcpy (in: _Dst=0x1f6e0e, _Src=0x241c48, _Size=0x4 | out: _Dst=0x1f6e0e) returned 0x1f6e0e [0121.898] memcpy (in: _Dst=0x2afa08, _Src=0x7fef4950620, _Size=0xe | out: _Dst=0x2afa08) returned 0x2afa08 [0121.898] memcpy (in: _Dst=0x217a28, _Src=0x1f6dd8, _Size=0x3a | out: _Dst=0x217a28) returned 0x217a28 [0121.898] memcpy (in: _Dst=0x217a62, _Src=0x241c48, _Size=0x4 | out: _Dst=0x217a62) returned 0x217a62 [0121.899] memcpy (in: _Dst=0x1f6dd8, _Src=0x230ea8, _Size=0x3a | out: _Dst=0x1f6dd8) returned 0x1f6dd8 [0121.899] memcpy (in: _Dst=0x1f6e12, _Src=0x241c48, _Size=0x4 | out: _Dst=0x1f6e12) returned 0x1f6e12 [0121.899] memcpy (in: _Dst=0x230f48, _Src=0x1f6dd8, _Size=0x3e | out: _Dst=0x230f48) returned 0x230f48 [0121.899] memcpy (in: _Dst=0x230f86, _Src=0x217a28, _Size=0x3e | out: _Dst=0x230f86) returned 0x230f86 [0121.900] GetCurrentThreadId () returned 0xe10 [0121.900] DllRegisterServer () returned 0x0 [0121.901] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.901] ISystemDebugEventFire:IsActive (This=0x229040) returned 0x1 [0121.902] free (_Block=0x43f900) [0121.902] ??3@YAXPEAX@Z () returned 0x43010700540001 [0121.902] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.902] free (_Block=0x43f5d0) [0121.902] GetCurrentThreadId () returned 0xe10 [0121.902] GetCurrentThreadId () returned 0xe10 [0121.902] IUnknown:Release (This=0x229040) returned 0x1 [0121.903] DllRegisterServer () returned 0x0 [0121.903] DllRegisterServer () returned 0x0 [0121.903] GetUserDefaultLCID () returned 0x409 [0121.903] GetACP () returned 0x4e4 [0121.903] ??3@YAXPEAX@Z () returned 0x43010800580001 [0121.904] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.904] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.904] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.904] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.905] ??3@YAXPEAX@Z () returned 0x711e1001 [0121.905] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.030] free (_Block=0x43e8d0) [0122.031] free (_Block=0x43f740) [0122.031] free (_Block=0x2af840) [0122.031] free (_Block=0x43ed00) [0122.031] free (_Block=0x43ea00) [0122.032] free (_Block=0x43a100) [0122.032] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.032] ??3@YAXPEAX@Z () returned 0x440058007e0001 [0122.032] ISystemDebugEventFire:EndSession (This=0x229040) returned 0x0 [0122.033] IUnknown:Release (This=0x229040) returned 0x0 [0122.033] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.033] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.033] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.034] DllRegisterServer () returned 0x0 [0122.034] IXSLProcessor:get_output (in: This=0x2048df0, pOutput=0x16f000 | out: pOutput=0x16f000*(varType=0x8, wReserved1=0x204, wReserved2=0x0, wReserved3=0x0, varVal1="Name \r\nRadeon (TM) RX 470 Graphics \r\n", varVal2=0x1)) returned 0x0 [0122.035] malloc (_Size=0x18) returned 0x43c880 [0122.035] XSLTemplate:IUnknown:Release (This=0x2048df0) returned 0x0 [0122.035] FreeThreadedDOMDocument:IUnknown:Release (This=0x204b330) returned 0x2 [0122.035] XSLTemplate:IUnknown:Release (This=0x2047620) returned 0x0 [0122.037] memcpy (in: _Dst=0x16ed80, _Src=0x43f6a0, _Size=0x10 | out: _Dst=0x16ed80) returned 0x16ed80 [0122.038] free (_Block=0x2ab830) [0122.039] ??3@YAXPEAX@Z () returned 0x43010900580001 [0122.039] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.041] free (_Block=0x43f6a0) [0122.041] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.042] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.042] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0122.043] free (_Block=0x4386c0) [0122.043] free (_Block=0x43cd80) [0122.043] malloc (_Size=0x80) returned 0x43db90 [0122.043] memcpy_s (in: _Destination=0x43db90, _DestinationSize=0x7e, _Source=0x230fe8, _SourceSize=0x7c | out: _Destination=0x43db90) returned 0x0 [0122.044] malloc (_Size=0x30) returned 0x4386c0 [0122.044] free (_Block=0x4386c0) [0122.044] malloc (_Size=0x40) returned 0x43dc20 [0122.044] memcpy_s (in: _Destination=0x43dc20, _DestinationSize=0x3e, _Source=0x43db90, _SourceSize=0x3e | out: _Destination=0x43dc20) returned 0x0 [0122.045] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Name \r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0122.045] malloc (_Size=0x20) returned 0x43cd80 [0122.045] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Name \r\n", cchWideChar=-1, lpMultiByteStr=0x43cd80, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Name \r\n", lpUsedDefaultChar=0x0) returned 32 [0122.045] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 31 [0122.045] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0122.046] free (_Block=0x43cd80) [0122.047] free (_Block=0x43dc20) [0122.047] malloc (_Size=0x40) returned 0x43dc20 [0122.047] memcpy_s (in: _Destination=0x43dc20, _DestinationSize=0x3e, _Source=0x43dbce, _SourceSize=0x3e | out: _Destination=0x43dc20) returned 0x0 [0122.047] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Radeon (TM) RX 470 Graphics \r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0122.047] malloc (_Size=0x20) returned 0x43cd80 [0122.047] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Radeon (TM) RX 470 Graphics \r\n", cchWideChar=-1, lpMultiByteStr=0x43cd80, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Radeon (TM) RX 470 Graphics \r\n", lpUsedDefaultChar=0x0) returned 32 [0122.047] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 31 [0122.047] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0122.048] free (_Block=0x43cd80) [0122.049] free (_Block=0x43dc20) [0122.049] malloc (_Size=0x800) returned 0x43e780 [0122.049] LoadStringW (in: hInstance=0x0, uID=0xafd2, lpBuffer=0x43e780, cchBufferMax=1024 | out: lpBuffer="\r\n") returned 0x2 [0122.049] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0122.049] malloc (_Size=0x3) returned 0x437fb0 [0122.049] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x437fb0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0122.050] fprintf (in: _File=0x7feff862ab0, _Format="%s" | out: _File=0x7feff862ab0) returned 2 [0122.050] fflush (in: _File=0x7feff862ab0 | out: _File=0x7feff862ab0) returned 0 [0122.050] free (_Block=0x437fb0) [0122.050] free (_Block=0x43e780) [0122.051] free (_Block=0x43db90) [0122.051] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0122.051] free (_Block=0x43c880) [0122.051] ??1CHString@@QEAA@XZ () returned 0x711e1001 [0122.051] FreeThreadedDOMDocument:IUnknown:Release (This=0x20471d0) returned 0x0 [0122.051] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0122.052] free (_Block=0x43ca00) [0122.052] malloc (_Size=0x18) returned 0x43ca00 [0122.052] free (_Block=0x43ca80) [0122.052] malloc (_Size=0x18) returned 0x43ca80 [0122.052] free (_Block=0x43cc90) [0122.052] free (_Block=0x43caa0) [0122.052] free (_Block=0x43cac0) [0122.052] free (_Block=0x43ca40) [0122.053] free (_Block=0x43ca00) [0122.053] free (_Block=0x43ca80) [0122.053] free (_Block=0x436da0) [0122.054] free (_Block=0x438680) [0122.055] free (_Block=0x438600) [0122.055] free (_Block=0x436e00) [0122.055] free (_Block=0x438780) [0122.107] free (_Block=0x43cb20) [0122.108] free (_Block=0x436ce0) [0122.108] free (_Block=0x43c900) [0122.109] free (_Block=0x43ce70) [0122.109] free (_Block=0x43c980) [0122.109] free (_Block=0x43c940) [0122.109] free (_Block=0x43c9a0) [0122.109] free (_Block=0x43c9c0) [0122.110] free (_Block=0x43c9e0) [0122.110] free (_Block=0x43cdf0) [0122.110] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0122.111] free (_Block=0x43cbe0) [0122.111] free (_Block=0x43c920) [0122.112] free (_Block=0x438640) [0122.112] free (_Block=0x43cc40) [0122.112] free (_Block=0x43c960) [0122.113] free (_Block=0x437f10) [0122.113] free (_Block=0x437f60) [0122.114] free (_Block=0x436480) [0122.114] free (_Block=0x43ca20) [0122.114] free (_Block=0x436540) [0122.114] free (_Block=0x436cc0) [0122.115] free (_Block=0x438080) [0122.115] free (_Block=0x436ca0) [0122.115] free (_Block=0x438040) [0122.115] free (_Block=0x436880) [0122.116] free (_Block=0x438000) [0122.116] free (_Block=0x436760) [0122.117] free (_Block=0x436780) [0122.117] free (_Block=0x436700) [0122.118] free (_Block=0x436720) [0122.118] free (_Block=0x4367c0) [0122.118] free (_Block=0x4367e0) [0122.119] free (_Block=0x436820) [0122.119] free (_Block=0x436840) [0122.119] free (_Block=0x436640) [0122.120] free (_Block=0x436660) [0122.120] free (_Block=0x4365e0) [0122.121] free (_Block=0x436600) [0122.121] free (_Block=0x4366a0) [0122.121] free (_Block=0x4366c0) [0122.122] free (_Block=0x436580) [0122.123] free (_Block=0x4365a0) [0122.123] free (_Block=0x436500) [0122.124] free (_Block=0x4364d0) [0122.125] free (_Block=0x43cb50) [0122.125] WbemObjectTextSrc:IUnknown:Release (This=0x2395d0) returned 0x0 [0122.125] IUnknown:Release (This=0x238520) returned 0x0 [0122.126] WbemLocator:IUnknown:Release (This=0x1bcb90) returned 0x2 [0122.126] WbemLocator:IUnknown:Release (This=0x2264c0) returned 0x0 [0122.129] WbemLocator:IUnknown:Release (This=0x1bcb90) returned 0x1 [0122.129] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4dfc96c [0122.130] WbemLocator:IUnknown:Release (This=0x1bcb90) returned 0x0 [0122.130] free (_Block=0x43c800) [0122.130] free (_Block=0x43c820) [0122.131] free (_Block=0x438580) [0122.131] free (_Block=0x43c840) [0122.131] free (_Block=0x43c860) [0122.132] free (_Block=0x4385c0) [0122.132] free (_Block=0x43c680) [0122.132] free (_Block=0x43c6a0) [0122.133] free (_Block=0x438400) [0122.133] free (_Block=0x43c6c0) [0122.133] free (_Block=0x43c6e0) [0122.137] free (_Block=0x438440) [0122.137] free (_Block=0x43c600) [0122.137] free (_Block=0x43c620) [0122.137] free (_Block=0x438380) [0122.137] free (_Block=0x43c640) [0122.138] free (_Block=0x43c660) [0122.138] free (_Block=0x4383c0) [0122.138] free (_Block=0x43c780) [0122.138] free (_Block=0x43c7a0) [0122.138] free (_Block=0x438500) [0122.138] free (_Block=0x43c7c0) [0122.139] free (_Block=0x43c7e0) [0122.139] free (_Block=0x438540) [0122.139] free (_Block=0x43c580) [0122.139] free (_Block=0x43c5a0) [0122.139] free (_Block=0x438300) [0122.140] free (_Block=0x43c5c0) [0122.140] free (_Block=0x43c5e0) [0122.140] free (_Block=0x438340) [0122.140] free (_Block=0x43c700) [0122.140] free (_Block=0x43c720) [0122.141] free (_Block=0x438480) [0122.141] free (_Block=0x43c740) [0122.141] free (_Block=0x43c760) [0122.141] free (_Block=0x4384c0) [0122.141] free (_Block=0x43c4c0) [0122.141] free (_Block=0x43c4e0) [0122.142] free (_Block=0x438240) [0122.142] free (_Block=0x43c380) [0122.142] free (_Block=0x43c3a0) [0122.142] free (_Block=0x438100) [0122.143] free (_Block=0x436e70) [0122.143] free (_Block=0x436e90) [0122.143] free (_Block=0x4380c0) [0122.143] free (_Block=0x43c400) [0122.143] free (_Block=0x43c420) [0122.144] free (_Block=0x438180) [0122.144] free (_Block=0x43c500) [0122.144] free (_Block=0x43c520) [0122.144] free (_Block=0x438280) [0122.144] free (_Block=0x43c3c0) [0122.144] free (_Block=0x43c3e0) [0122.145] free (_Block=0x438140) [0122.145] free (_Block=0x43c440) [0122.145] free (_Block=0x43c460) [0122.145] free (_Block=0x4381c0) [0122.145] free (_Block=0x43c480) [0122.145] free (_Block=0x43c4a0) [0122.146] free (_Block=0x438200) [0122.146] free (_Block=0x43c540) [0122.146] free (_Block=0x43c560) [0122.146] free (_Block=0x4382c0) [0122.147] CoUninitialize () [0122.147] DllCanUnloadNow () returned 0x0 [0122.191] free (_Block=0x43ddf0) [0122.192] ??3@YAXPEAX@Z () returned 0x440077002e0001 [0122.192] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.192] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.192] ??3@YAXPEAX@Z () returned 0x711e1001 [0122.193] free (_Block=0x439ff0) [0122.287] exit (_Code=0) [0122.288] free (_Block=0x436d30) [0122.288] free (_Block=0x437cb0) [0122.288] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0122.288] free (_Block=0x436e20) [0122.288] free (_Block=0x436560) [0122.289] free (_Block=0x437c70) [0122.289] free (_Block=0x437c30) [0122.289] free (_Block=0x437be0) [0122.289] free (_Block=0x437ba0) [0122.290] free (_Block=0x43ccc0) [0122.290] free (_Block=0x435ae0) [0122.290] free (_Block=0x437b20) [0122.290] free (_Block=0x29df90) [0122.291] free (_Block=0x43cce0) [0122.291] ??1CHString@@QEAA@XZ () returned 0x7fef4dfc96c [0122.291] free (_Block=0x43cc60) Thread: id = 80 os_tid = 0xe14 Thread: id = 81 os_tid = 0xe18 Thread: id = 82 os_tid = 0xe1c Thread: id = 83 os_tid = 0xe20 Thread: id = 84 os_tid = 0xe24 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2bfcb000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c11f" [0xc000000f], "LOCAL" [0x7] Region: id = 2498 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2499 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2500 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2501 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2502 start_va = 0x50000 end_va = 0x50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2503 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2504 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2505 start_va = 0x80000 end_va = 0x8cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2506 start_va = 0x90000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2507 start_va = 0x110000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2508 start_va = 0x150000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2509 start_va = 0x170000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2510 start_va = 0x270000 end_va = 0x2d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2511 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2512 start_va = 0x3e0000 end_va = 0x567fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2513 start_va = 0x570000 end_va = 0x6f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2514 start_va = 0x700000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2515 start_va = 0x7c0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2516 start_va = 0x7e0000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 2517 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2518 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2519 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2520 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 2521 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 2522 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 2523 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 2524 start_va = 0x8e0000 end_va = 0x8e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 2525 start_va = 0x8f0000 end_va = 0x8f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2526 start_va = 0x900000 end_va = 0x907fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2527 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 2528 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 2529 start_va = 0x930000 end_va = 0x930fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 2530 start_va = 0x9c0000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 2531 start_va = 0xa70000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 2532 start_va = 0xb10000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 2533 start_va = 0xb90000 end_va = 0xe5efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2534 start_va = 0xe60000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2535 start_va = 0xf80000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 2536 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 2537 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 2538 start_va = 0x1120000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2539 start_va = 0x11a0000 end_va = 0x1201fff monitored = 0 entry_point = 0x11b08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2540 start_va = 0x1250000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 2541 start_va = 0x1260000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2542 start_va = 0x1360000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2543 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 2544 start_va = 0x1520000 end_va = 0x159ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 2545 start_va = 0x1620000 end_va = 0x169ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 2546 start_va = 0x16c0000 end_va = 0x173ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 2547 start_va = 0x1740000 end_va = 0x17bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 2548 start_va = 0x17d0000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 2549 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 2550 start_va = 0x1930000 end_va = 0x19affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001930000" filename = "" Region: id = 2551 start_va = 0x19b0000 end_va = 0x1baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019b0000" filename = "" Region: id = 2552 start_va = 0x1bb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 2553 start_va = 0x1fc0000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 2554 start_va = 0x2100000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2555 start_va = 0x21b0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 2556 start_va = 0x21c0000 end_va = 0x25c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 2557 start_va = 0x25e0000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 2558 start_va = 0x2750000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 2559 start_va = 0x2800000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2560 start_va = 0x2900000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2561 start_va = 0x29a0000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 2562 start_va = 0x2a60000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 2563 start_va = 0x2ae0000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 2564 start_va = 0x2be0000 end_va = 0x33dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 2565 start_va = 0x77660000 end_va = 0x7777efff monitored = 0 entry_point = 0x77675340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2566 start_va = 0x77780000 end_va = 0x77879fff monitored = 0 entry_point = 0x7779a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2567 start_va = 0x77880000 end_va = 0x77a28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2568 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2569 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2570 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2571 start_va = 0xff240000 end_va = 0xff2a1fff monitored = 0 entry_point = 0xff2508d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2572 start_va = 0xff680000 end_va = 0xff6d2fff monitored = 0 entry_point = 0xff693310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2573 start_va = 0xff950000 end_va = 0xff95afff monitored = 0 entry_point = 0xff95246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2574 start_va = 0x7fef3950000 end_va = 0x7fef396afff monitored = 0 entry_point = 0x7fef3951198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2575 start_va = 0x7fef3970000 end_va = 0x7fef3a1dfff monitored = 0 entry_point = 0x7fef3974104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2576 start_va = 0x7fef3a20000 end_va = 0x7fef3b44fff monitored = 0 entry_point = 0x7fef3a71570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2577 start_va = 0x7fef3cf0000 end_va = 0x7fef3d0bfff monitored = 0 entry_point = 0x7fef3cf1060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2578 start_va = 0x7fef9210000 end_va = 0x7fef921afff monitored = 0 entry_point = 0x7fef92112e0 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2579 start_va = 0x7fef9220000 end_va = 0x7fef9234fff monitored = 0 entry_point = 0x7fef92212a0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2580 start_va = 0x7fef9240000 end_va = 0x7fef9258fff monitored = 0 entry_point = 0x7fef924177c region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2581 start_va = 0x7fef98f0000 end_va = 0x7fef9902fff monitored = 0 entry_point = 0x7fef98f1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2582 start_va = 0x7fef9bd0000 end_va = 0x7fef9bddfff monitored = 0 entry_point = 0x7fef9bd5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2583 start_va = 0x7fef9be0000 end_va = 0x7fef9c06fff monitored = 0 entry_point = 0x7fef9be11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2584 start_va = 0x7fef9c10000 end_va = 0x7fef9ce2fff monitored = 0 entry_point = 0x7fef9c88b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2585 start_va = 0x7fef9e70000 end_va = 0x7fef9ee6fff monitored = 0 entry_point = 0x7fef9eae7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2586 start_va = 0x7fefa770000 end_va = 0x7fefa777fff monitored = 0 entry_point = 0x7fefa771414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2587 start_va = 0x7fefac50000 end_va = 0x7fefac67fff monitored = 0 entry_point = 0x7fefac51bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2588 start_va = 0x7fefac70000 end_va = 0x7fefac80fff monitored = 0 entry_point = 0x7fefac716ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2589 start_va = 0x7fefaca0000 end_va = 0x7fefacf2fff monitored = 0 entry_point = 0x7fefaca2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2590 start_va = 0x7fefad30000 end_va = 0x7fefad6afff monitored = 0 entry_point = 0x7fefad34520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2591 start_va = 0x7fefad70000 end_va = 0x7fefadc0fff monitored = 0 entry_point = 0x7fefad7f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2592 start_va = 0x7fefade0000 end_va = 0x7fefade7fff monitored = 0 entry_point = 0x7fefade284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2593 start_va = 0x7fefadf0000 end_va = 0x7fefadf9fff monitored = 0 entry_point = 0x7fefadf1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2594 start_va = 0x7fefb1e0000 end_va = 0x7fefb22efff monitored = 0 entry_point = 0x7fefb1e2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2595 start_va = 0x7fefb2b0000 end_va = 0x7fefb2bafff monitored = 0 entry_point = 0x7fefb2b1198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2596 start_va = 0x7fefb2c0000 end_va = 0x7fefb2e6fff monitored = 0 entry_point = 0x7fefb2c98bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2597 start_va = 0x7fefb440000 end_va = 0x7fefb454fff monitored = 0 entry_point = 0x7fefb4460d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2598 start_va = 0x7fefb760000 end_va = 0x7fefb768fff monitored = 0 entry_point = 0x7fefb761010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2599 start_va = 0x7fefb770000 end_va = 0x7fefb79bfff monitored = 0 entry_point = 0x7fefb7715c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2600 start_va = 0x7fefb7a0000 end_va = 0x7fefb84bfff monitored = 0 entry_point = 0x7fefb7b6acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2601 start_va = 0x7fefb850000 end_va = 0x7fefb87cfff monitored = 0 entry_point = 0x7fefb851010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2602 start_va = 0x7fefb9f0000 end_va = 0x7fefba04fff monitored = 0 entry_point = 0x7fefb9f1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2603 start_va = 0x7fefba10000 end_va = 0x7fefba1bfff monitored = 0 entry_point = 0x7fefba118a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2604 start_va = 0x7fefbd10000 end_va = 0x7fefbd5afff monitored = 0 entry_point = 0x7fefbd1efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2605 start_va = 0x7fefc180000 end_va = 0x7fefc2abfff monitored = 0 entry_point = 0x7fefc1894bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2606 start_va = 0x7fefc7f0000 end_va = 0x7fefc985fff monitored = 0 entry_point = 0x7fefc7f78e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2607 start_va = 0x7fefc990000 end_va = 0x7fefc99bfff monitored = 0 entry_point = 0x7fefc991064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2608 start_va = 0x7fefc9a0000 end_va = 0x7fefca5afff monitored = 0 entry_point = 0x7fefc9a6de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2609 start_va = 0x7fefca60000 end_va = 0x7fefca66fff monitored = 0 entry_point = 0x7fefca614b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2610 start_va = 0x7fefcb50000 end_va = 0x7fefcb6afff monitored = 0 entry_point = 0x7fefcb52068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2611 start_va = 0x7fefcb70000 end_va = 0x7fefcb8dfff monitored = 0 entry_point = 0x7fefcb713b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2612 start_va = 0x7fefccc0000 end_va = 0x7fefccc9fff monitored = 0 entry_point = 0x7fefccc3cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2613 start_va = 0x7fefcdc0000 end_va = 0x7fefce06fff monitored = 0 entry_point = 0x7fefcdc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2614 start_va = 0x7fefcee0000 end_va = 0x7fefcf3afff monitored = 0 entry_point = 0x7fefcee6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2615 start_va = 0x7fefd050000 end_va = 0x7fefd056fff monitored = 0 entry_point = 0x7fefd05142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2616 start_va = 0x7fefd060000 end_va = 0x7fefd0b4fff monitored = 0 entry_point = 0x7fefd061054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2617 start_va = 0x7fefd0c0000 end_va = 0x7fefd0d7fff monitored = 0 entry_point = 0x7fefd0c3b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2618 start_va = 0x7fefd230000 end_va = 0x7fefd251fff monitored = 0 entry_point = 0x7fefd235d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2619 start_va = 0x7fefd2f0000 end_va = 0x7fefd35cfff monitored = 0 entry_point = 0x7fefd2f1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2620 start_va = 0x7fefd660000 end_va = 0x7fefd66afff monitored = 0 entry_point = 0x7fefd661030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2621 start_va = 0x7fefd690000 end_va = 0x7fefd6b4fff monitored = 0 entry_point = 0x7fefd699658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2622 start_va = 0x7fefd6c0000 end_va = 0x7fefd6cefff monitored = 0 entry_point = 0x7fefd6c1010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2623 start_va = 0x7fefd770000 end_va = 0x7fefd7acfff monitored = 0 entry_point = 0x7fefd7718f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2624 start_va = 0x7fefd7b0000 end_va = 0x7fefd7c3fff monitored = 0 entry_point = 0x7fefd7b10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2625 start_va = 0x7fefd7d0000 end_va = 0x7fefd7defff monitored = 0 entry_point = 0x7fefd7d19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2626 start_va = 0x7fefd870000 end_va = 0x7fefd87efff monitored = 0 entry_point = 0x7fefd871020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2627 start_va = 0x7fefd920000 end_va = 0x7fefd98bfff monitored = 0 entry_point = 0x7fefd922780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2628 start_va = 0x7fefd990000 end_va = 0x7fefd9a9fff monitored = 0 entry_point = 0x7fefd991558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2629 start_va = 0x7fefd9b0000 end_va = 0x7fefd9e5fff monitored = 0 entry_point = 0x7fefd9b1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2630 start_va = 0x7fefd9f0000 end_va = 0x7fefda2afff monitored = 0 entry_point = 0x7fefd9f1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2631 start_va = 0x7fefda30000 end_va = 0x7fefdb9cfff monitored = 0 entry_point = 0x7fefda310b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2632 start_va = 0x7fefde50000 end_va = 0x7fefdee8fff monitored = 0 entry_point = 0x7fefde51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2633 start_va = 0x7fefdef0000 end_va = 0x7fefdf0efff monitored = 0 entry_point = 0x7fefdef60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2634 start_va = 0x7fefdf10000 end_va = 0x7fefe112fff monitored = 0 entry_point = 0x7fefdf33330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2635 start_va = 0x7fefe120000 end_va = 0x7fefe1e8fff monitored = 0 entry_point = 0x7fefe19a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2636 start_va = 0x7fefef80000 end_va = 0x7fefef8dfff monitored = 0 entry_point = 0x7fefef81080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2637 start_va = 0x7fefef90000 end_va = 0x7feff166fff monitored = 0 entry_point = 0x7fefef91010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2638 start_va = 0x7feff3d0000 end_va = 0x7feff4d8fff monitored = 0 entry_point = 0x7feff3d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2639 start_va = 0x7feff4e0000 end_va = 0x7feff531fff monitored = 0 entry_point = 0x7feff4e10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2640 start_va = 0x7feff540000 end_va = 0x7feff547fff monitored = 0 entry_point = 0x7feff541504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2641 start_va = 0x7feff550000 end_va = 0x7feff626fff monitored = 0 entry_point = 0x7feff553274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2642 start_va = 0x7feff630000 end_va = 0x7feff6a0fff monitored = 0 entry_point = 0x7feff641e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2643 start_va = 0x7feff7d0000 end_va = 0x7feff86efff monitored = 0 entry_point = 0x7feff7d25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2644 start_va = 0x7feff870000 end_va = 0x7feff94afff monitored = 0 entry_point = 0x7feff890760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2645 start_va = 0x7feff950000 end_va = 0x7feff97dfff monitored = 0 entry_point = 0x7feff951010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2646 start_va = 0x7feff980000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff98b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2647 start_va = 0x7feffa10000 end_va = 0x7feffa5cfff monitored = 0 entry_point = 0x7feffa11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2648 start_va = 0x7feffa60000 end_va = 0x7feffb8cfff monitored = 0 entry_point = 0x7feffaaed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2649 start_va = 0x7feffba0000 end_va = 0x7feffba0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2650 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2651 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 2652 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2653 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2654 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2655 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 2656 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2657 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2658 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2659 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2660 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2661 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2662 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2663 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2664 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2665 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2666 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2667 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2668 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2669 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2670 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2671 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2672 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2673 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2674 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2676 start_va = 0x7fef37d0000 end_va = 0x7fef394ffff monitored = 0 entry_point = 0x7fef38080d0 region_type = mapped_file name = "racengn.dll" filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll") Region: id = 2677 start_va = 0x7fef9550000 end_va = 0x7fef9576fff monitored = 0 entry_point = 0x7fef956b69c region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Thread: id = 90 os_tid = 0xde4 Thread: id = 91 os_tid = 0x51c Thread: id = 92 os_tid = 0x76c Thread: id = 93 os_tid = 0x6b8 Thread: id = 94 os_tid = 0x610 Thread: id = 95 os_tid = 0x174 Thread: id = 96 os_tid = 0x6d4 Thread: id = 97 os_tid = 0x310 Thread: id = 98 os_tid = 0x7d8 Thread: id = 99 os_tid = 0x7e8 Thread: id = 100 os_tid = 0x544 Thread: id = 101 os_tid = 0x540 Thread: id = 102 os_tid = 0x53c Thread: id = 103 os_tid = 0x420 Thread: id = 104 os_tid = 0x408 Thread: id = 105 os_tid = 0x3b8 Thread: id = 106 os_tid = 0x3b4 Thread: id = 107 os_tid = 0x3a4 Thread: id = 108 os_tid = 0x2fc Thread: id = 109 os_tid = 0x2f8 Thread: id = 110 os_tid = 0x2e4 Thread: id = 111 os_tid = 0x2d4 Thread: id = 112 os_tid = 0x2cc Thread: id = 115 os_tid = 0xe9c Thread: id = 117 os_tid = 0xebc Thread: id = 120 os_tid = 0xedc